Backdoor.RBot.qb
Backdoor.RBot.qb also known as W32/Trojan.ZEAW-3919, W32.Gen.BT, Trojan.InjectorCRTD.Win32.10836. Malware Analysis of Backdoor.RBot.qb – UPDATE.COM Created files: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP %SYSTEMDRIVE%\UPDATE.COM %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: “%SYSTEMDRIVE%\UPDATE.COM” HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: “Cdefgh Jklmnopq Stuvwxya Cdef” Detected by UnHackMe: UPDATE.COM DEFAULT LOCATION: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP Dropper hash(md5): 09d50103a5a653680bb5e1b201b76f4d Share This: UnHackMe removes malware invisible…