Backdoor.Ramnit.Win32.1598


Malware Analysis of Backdoor.Ramnit.Win32.1598 – XUL.DLL

Created files:

%SYSTEMDRIVE%\PROGRAMDATA\BLUESTACKSGAMEMANAGER\XULRUNNER-SDK\SOFTOKN3.DLL
%SYSTEMDRIVE%\PROGRAMDATA\BLUESTACKSGAMEMANAGER\XULRUNNER-SDK\UPDATER.EXE
%SYSTEMDRIVE%\PROGRAMDATA\BLUESTACKSGAMEMANAGER\XULRUNNER-SDK\XUL.DLL
%SYSTEMDRIVE%\PROGRAMDATA\BLUESTACKSGAMEMANAGER\XULRUNNER-SDK\XULRUNNER-STUB.EXE
%SYSTEMDRIVE%\PROGRAMDATA\BLUESTACKSGAMEMANAGER\XULRUNNER-SDK\XULRUNNER.EXE

Autostart registry keys:

HKLM\Software\Classes\CLSID\{04F03400-3463-4673-B8F7-EB271BC08E3C}\LocalServer32\: ""%Program Files%\BlueStacks\BstkSVC.exe""
HKLM\Software\Classes\CLSID\{3723D2E7-B1A0-472C-8B2D-740B05BD7332}\InprocServer32\: "%Program Files%\BlueStacks\BstkC.dll"
HKLM\Software\Classes\CLSID\{44CE68DE-0174-4C70-90F4-0F90E8A18AA1}\InprocServer32\: "%Program Files%\BlueStacks\BstkC.dll"
HKLM\Software\Classes\bluestacks\shell\open\command\: "%Program Files%\BlueStacks\HD-RunApp.exe %1"
HKLM\Software\Classes\BlueStacks.Apk\shell\open\command\: "%Program Files%\BlueStacks\HD-ApkHandler.exe -apk "%1""
HKLM\Software\Classes\BlueStacks.bluestacks\shell\open\command\: "%Program Files%\BlueStacks\HD-RunApp.exe "%1""
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\663556AA323DD404AAB9DA65C2EAD10D\InstallProperties\UninstallString: "MsiExec.exe /X{AA655366-D323-404D-AA9B-AD562CAE1DD0}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\663556AA323DD404AAB9DA65C2EAD10D\InstallProperties\DisplayName: "BlueStacks App Player"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AA655366-D323-404D-AA9B-AD562CAE1DD0}\UninstallString: "MsiExec.exe /X{AA655366-D323-404D-AA9B-AD562CAE1DD0}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AA655366-D323-404D-AA9B-AD562CAE1DD0}\DisplayName: "BlueStacks App Player"
HKLM\System\CurrentControlSet\services\BstHdAndroidSvc\ImagePath: ""%Program Files%\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android"
HKLM\System\CurrentControlSet\services\BstHdAndroidSvc\DisplayName: "BlueStacks Android Service"
HKLM\System\CurrentControlSet\services\BstHdDrv\ImagePath: "\??\%Program Files%\BlueStacks\HD-Hypervisor-x86.sys"
HKLM\System\CurrentControlSet\services\BstHdDrv\DisplayName: "BlueStacks Hypervisor"
HKLM\System\CurrentControlSet\services\BstHdLogRotatorSvc\ImagePath: "%Program Files%\BlueStacks\HD-LogRotatorService.exe"
HKLM\System\CurrentControlSet\services\BstHdLogRotatorSvc\DisplayName: "BlueStacks Log Rotator Service"
HKLM\System\CurrentControlSet\services\BstHdPlusAndroidSvc\ImagePath: ""%Program Files%\BlueStacks\HD-Plus-Service.exe" BstHdPlusAndroidSvc Android"
HKLM\System\CurrentControlSet\services\BstHdPlusAndroidSvc\DisplayName: "BlueStacks Plus Android Service"
HKLM\System\CurrentControlSet\services\BstHdUpdaterSvc\ImagePath: "%Program Files%\BlueStacks\HD-UpdaterService.exe"
HKLM\System\CurrentControlSet\services\BstHdUpdaterSvc\DisplayName: "BlueStacks Updater Service"
HKLM\System\CurrentControlSet\services\BstkDrv\ImagePath: "\??\%Program Files%\BlueStacks\BstkDrv.sys"
HKLM\System\CurrentControlSet\services\BstkDrv\DisplayName: "BlueStacks Plus Hypervisor"

Detected by UnHackMe:

XUL.DLL
DEFAULT LOCATION: %COMMON APPDATA%\BLUESTACKSGAMEMANAGER\XULRUNNER-SDK\XUL.DLL

Dropper hash(md5): d13fca22a47acc3c0a7cb6889bd606e4

Written by Malware Hunter.
