Category Archives: Backdoor

Backdoor.RBot.qb

Also known as: W32/Trojan.ZEAW-3919, W32.Gen.BT, Trojan.InjectorCRTD.Win32.10836.

Malware analysis of Backdoor.RBot.qb – UPDATE.COM

Created files:
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
%SYSTEMDRIVE%\UPDATE.COM
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML

The four files under the WER\REPORTQUEUE\APPCRASH_UPDATE.COM report directory are Windows Error Reporting output from a crash of UPDATE.COM during the run, not files the sample writes on purpose; the dropped payload is %SYSTEMDRIVE%\UPDATE.COM.

Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: "%SYSTEMDRIVE%\UPDATE.COM"
HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: "Cdefgh Jklmnopq Stuvwxya Cdef"

Persistence is a Windows service whose ImagePath is %SYSTEMDRIVE%\UPDATE.COM; to remove it, delete the service key and the file, not just the crash dump reported below as the default location.

Detected by UnHackMe: UPDATE.COM
Default location: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
Dropper hash (MD5): 09d50103a5a653680bb5e1b201b76f4d

UnHackMe removes malware invisible…

Backdoor:Win32/Zegost.AD!bit

Also known as: Win32/Trojan.e04, Trojan.GenericKD.4564741, Trojan.Generic.D45A705.

Malware analysis of Backdoor:Win32/Zegost.AD!bit – UPDATE.COM

Same sample as the Backdoor.RBot.qb entry above (same dropper MD5); the created files and autostart registry keys are identical to the ones listed there.

Detected by UnHackMe: UPDATE.COM
Default location: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP
Dropper hash (MD5): 09d50103a5a653680bb5e1b201b76f4d

Backdoor ( 04c4de411 )

Also known as: Adware.Cdnup.A, ADSPY/Cdnup.A.1, PE:Trojan.Win32.Generic.148B9C89!344693897.

Malware analysis of Backdoor ( 04c4de411 ) – SETUP-REAL.EXE

Created files:
%TEMP%\~RNSETUP\CLNTXRES.DLL
%TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL
%TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
%TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC
%TEMP%\~RNSETUP\COMMON\RPPR3260.DLL

Autostart registry keys:
HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: "%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"

Despite the "Backdoor" label, the other vendor names classify this sample as adware (Cdnup), and the dropped files are a toolbar installer (CNNIC_TOOLBAR.SPC, RNCONTROLLER.DLL) extracted to %TEMP%\~RNSETUP. The registry entry is a COM InprocServer32 registration for the RichFX player DLL: it loads the DLL whenever that CLSID is instantiated, not at logon the way a Run value does.

Detected by UnHackMe: SETUP-REAL.EXE
Default location: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
Dropper hash (MD5): 115953246b798695c685478ca4497e9a

Backdoor.Ramnit.Win32.3256

Also known as: Win.Trojan.Ramnit-6040.

Malware analysis of Backdoor.Ramnit.Win32.3256 – BARCONTROL.DLL

Created files:
%TEMP%\~RNSETUP\ZGOOGLE_DESKTOP\GDSAPI.DLL
%TEMP%\~RNSETUP\ZGOOGLE_DESKTOP\GDSSETUP.EXE
%TEMP%\~RNSETUP\ZGOOGLE_TOOLBAR\BARCONTROL.DLL
%TEMP%\~RNSETUP\ZGOOGLE_TOOLBAR\GOOGLETOOLBARINSTALLER.EXE
%TEMP%\~RNSETUP\ZGOOGLE_TOOLBAR\GOOGLETOOLBARINSTALLER98.EXE

Autostart registry keys:
HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: "%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"

The dropper MD5 matches the Backdoor ( 04c4de411 ) entry above, so this is the same installer bundle reported on a different extracted component (the bundled Google Toolbar and Google Desktop setup files), with the same CLSID registration.

Detected by UnHackMe: BARCONTROL.DLL
Default location: %TEMP%\~RNSETUP\ZGOOGLE_TOOLBAR\BARCONTROL.DLL
Dropper hash (MD5): 115953246b798695c685478ca4497e9a

Backdoor.Win32.Ruskill

Also known as: Trojan.Win32.Generic!BT, Trojan.GenericKD.3062831.

Malware analysis of Backdoor.Win32.Ruskill – SQPIEPHIJUGG.EXE

Created files:
%SYSTEMDRIVE%\USERS\RECOVERY+CIFFC.PNG
%SYSTEMDRIVE%\USERS\RECOVERY+CIFFC.TXT
%WINDIR%\SQPIEPHIJUGG.EXE

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ACOWCKNYTHDX: "%SYSDIR%\CMD.EXE /C START "" "%WINDIR%\SQPIEPHIJUGG.EXE""

The Run value does not point at the executable directly but launches it through cmd.exe /C START, so a check that only reads the first token of each Run value sees cmd.exe and misses the payload. The RECOVERY+CIFFC.PNG and .TXT files written to the Users folder are named like ransom notes, which points to a ransomware component alongside the backdoor.

Detected by UnHackMe: SQPIEPHIJUGG.EXE
Default location: %WinDir%\SQPIEPHIJUGG.EXE
Dropper hash (MD5): 039cc6b27dbe8ac72b8764e57c6d0a3f

Backdoor:Python/Raywa.A

Also known as: Trojan ( 004dfd821 ), TROJ_GEN.R023C0DIL16, trojan.python.kaazar.a.

Malware analysis of Backdoor:Python/Raywa.A – MSDS.EXE

Created files:
%TEMP%\_MEI39602\MICROSOFT.VC90.CRT.MANIFEST
%TEMP%\_MEI39602\MICROSOFT.VC90.MFC.MANIFEST
%TEMP%\_MEI39602\MSDS.EXE.MANIFEST
%TEMP%\_MEI39602\MSVCM90.DLL
%TEMP%\_MEI39602\MSVCP90.DLL

A _MEI<number> directory in %TEMP% is where a PyInstaller-built executable unpacks its bundled interpreter and libraries at start-up, which fits the Backdoor:Python detection name. The number changes from run to run, so do not key a detection on _MEI39602. No autostart registry keys are listed for this sample.

Detected by UnHackMe: MSDS.EXE
Default location: %TEMP%\_MEI39602\MSDS.EXE.MANIFEST
Dropper hash (MD5): 063f30f0b88bbb45e04934e043a67255

Win32.Backdoor.Gh0st.Eusy

Also known as: TR/Injector.45156.3, UDS:DangerousObject.Multi.Generic, malicious_confidence_100% (D).

Malware analysis of Win32.Backdoor.Gh0st.Eusy – DATA.DLL

Created files:
%Program Files%\data.dll
%Program Files%\gif.png
%Program Files%\Ping_Master_Pro.exe

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\strlenW: "%Program Files%\Ping_Master_Pro.exe"

Both the drop location (the root of %Program Files%) and the HKLM Run key require administrative rights, so the sample was running elevated when it installed; the Run value name strlenW is the registry indicator to search for.

Detected by UnHackMe: DATA.DLL
Default location: %PROGRAM FILES%\DATA.DLL
Dropper hash (MD5): 08c5c16e4c97247c78f538f7165a4ce2

backdoor.win32.turkojan.b

Also known as: Trojan.GenericKD.4586323, a variant of Win32/Injector.DMKB.

Malware analysis of backdoor.win32.turkojan.b – 55CT.DLL

Created files:
%SYSTEMDRIVE%\MTUBBKWQJ0MTUBBKWQJ0\X
%APPDATA%\29968C9F-9620-4BA5-8C7C-E462FE7069DF\RUN.DAT
%PROFILE%\MTUBBKWQJ0\55CT.DLL
%PROFILE%\MTUBBKWQJ0\X
%PROFILE%\MTUBBKWQJ0\ZAOELW.VBS

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\MTUBBKWQJ0: "%SYSTEMDRIVE%\MTUBBKWQJ0MTUBBKWQJ0\MTUBBKWQJ0.VBS"

The RunOnce value launches MTUBBKWQJ0.VBS, which is not among the created files listed (the only script listed is ZAOELW.VBS under %PROFILE%\MTUBBKWQJ0), so the file list is incomplete; hunt on the MTUBBKWQJ0 directory names rather than on a single file.

Detected by UnHackMe: 55CT.DLL
Default location: %PROFILE%\MTUBBKWQJ0\55CT.DLL
Dropper hash (MD5): 4d378d275ad733b897bfbc259d0ba895

Backdoor.LuminosityLink

Also known as: Trojan ( 004fa5aa1 ), Trojan.GenericKD.4504452.

Malware analysis of Backdoor.LuminosityLink – CTSMDMOP.EXE

Created files:
%APPDATA%\MICROSOFT\WINDOWS\SCREENTOGIF\CTSMDMOP.EXE
%APPDATA%\MICROSOFT\WINDOWS\SCREENTOGIF\CTSMDMOP.LNK
%APPDATA%\MICROSOFT\WINDOWS\SCREENTOGIF\FL.TXT
%APPDATA%\MONITOR\GUARD\1
%APPDATA%\MONITOR\SCREENSHOTS\03-23-2017\2.14 PM

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\LOAD: "%APPDATA%\MICROSOFT\WINDOWS\SCREENTOGIF\CTSMDMOP.LNK"

Persistence uses the Load value under Windows NT\CurrentVersion\Windows, the registry successor of the win.ini load= line, which is processed at logon and which quick checks limited to the Run keys skip; the value points at a shortcut (.LNK) rather than the executable itself. The %APPDATA%\MONITOR\SCREENSHOTS\<date>\<time> path is the RAT's screen-capture output from the analysis run.

Detected by UnHackMe: CTSMDMOP.EXE
Default location: %APPDATA%\MICROSOFT\WINDOWS\SCREENTOGIF\CTSMDMOP.EXE
Dropper hash (MD5): 3debec4b431bedc25cb31a3da16d5b04

backdoor.msil.bladabindi.ao

Also known as: Artemis!51074948BB6F, a variant of MSIL/Injector.BML, Malicious.

Malware analysis of backdoor.msil.bladabindi.ao – 18.EXE

Created files:
%TEMP%\ICACHE-04044202.TMP
%TEMP%\ILIST-00000000.TMP
%TEMP%\RARSFX0\SERVR.EXE
%STARTUP%\JAVA UPDATE.EXE
%APPDATA%MICROSOFT\SYSTEM\SERVICES\18.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\18.EXE: "%APPDATA%MICROSOFT\SYSTEM\SERVICES\18.EXE"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS UPDATE: ""%TEMP%\RARSFX0\SERVR.EXE" .."

Three autostarts are set up: a copy named JAVA UPDATE.EXE in the user's Startup folder, an HKLM Run value for 18.EXE, and an HKLM Run value named WINDOWS UPDATE that points at SERVR.EXE inside %TEMP%\RARSFX0, the extraction directory of a WinRAR self-extracting archive. The %APPDATA%MICROSOFT paths are reproduced as listed, with no separator after %APPDATA%.

Detected by UnHackMe: 18.EXE
Default location: %APPDATA%MICROSOFT\SYSTEM\SERVICES\18.EXE
Dropper hash (MD5): ecb6cdd2d8ec3b9e596510e186a11f3e

backdoor.win32.turkojan.b

Also known as: Win.Trojan.RC465-5900681-0, HEUR/QVM25.0.0000.Malware.Gen.

Malware analysis of backdoor.win32.turkojan.b – 2LH8.DLL

Created files:
%PROFILE%\WKMI6XM144\2LH8.DLL
%PROFILE%\WKMI6XM144\H7LBIB.VBS
%PROFILE%\WKMI6XM144\P
%PROFILE%\WKMI6XM144\X

A different sample (different dropper MD5) from the backdoor.win32.turkojan.b entry above, but with the same layout: a random-named directory directly under the user profile holding a DLL, a VBS and single-letter files. No autostart registry keys are listed.

Detected by UnHackMe: 2LH8.DLL
Default location: %PROFILE%\WKMI6XM144\2LH8.DLL
Dropper hash (MD5): d1d28aec3245b646c57fb0543f5f58d2

Backdoor.Win32.Androm.FS

Also known as: a variant of Win32/Kryptik.EFPI, Ransom.Crowti.WR7, static engine – malicious.

Malware analysis of Backdoor.Win32.Androm.FS – NIULW.EXE

Created files:
%APPDATA%\ADAWE\EXGUB.IZG
%APPDATA%\DATAYH\VETU.TMP
%APPDATA%\PAILO\NIULW.EXE

No autostart registry keys are listed for this sample; the three random-named directories under %APPDATA% are the only artifacts given.

Detected by UnHackMe: NIULW.EXE
Default location: %APPDATA%\PAILO\NIULW.EXE
Dropper hash (MD5): 9ca0e64d9e417b8bf3931b8304a1ccd4

Backdoor.Win32.Dedipros

Also known as: Gen:Variant.Graftor.188682 (B), Gen:Variant.Graftor.188682, Win32/DH{gm+CYg?}.

Malware analysis of Backdoor.Win32.Dedipros – WINDASDALOGON.EXE

Created files:
%SYSTEMDRIVE%\WINDASDALOGON.EXE

Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\JKLMNO QRSTUVWX ABC\IMAGEPATH: "%SYSTEMDRIVE%\WINDASDALOGON.EXE -K DKIGIQ"
HKLM\System\CurrentControlSet\services\Jklmno Qrstuvwx Abc\DisplayName: "Jklmno Qrstuvwx Abcdefgh Jklm"

As in the Backdoor.RBot.qb entry above, persistence is a service whose name is a run of consecutive letters. The ImagePath carries a -K argument, so match on the executable path inside the value rather than on the whole string.

Detected by UnHackMe: WINDASDALOGON.EXE
Default location: %SYSTEMDRIVE%\WINDASDALOGON.EXE
Dropper hash (MD5): 440bce4bb7fbea8f630223c09cf6c986

Backdoor.MSIL.kxh

Also known as: Troj/MSIL-HPV, Trojan[Backdoor]/MSIL.Bladabindi, MSIL/Bladabindi.AS!tr.

Malware analysis of Backdoor.MSIL.kxh – D123DF6C6AAA89662B04339725F5D1C6.EXE

Created files:
%STARTUP%\D123DF6C6AAA89662B04339725F5D1C6.EXE

The only persistence reported is a copy in the user's Startup folder, named with a 32-hex-digit string that is not the dropper MD5 given below. No registry autostarts are listed.

Detected by UnHackMe: D123DF6C6AAA89662B04339725F5D1C6.EXE
Default location: %STARTUP%\D123DF6C6AAA89662B04339725F5D1C6.EXE
Dropper hash (MD5): d49759808ee3554a65816f66f539fbf5

Backdoor.Orcusrot!8.31F2-M8NCKfIDuVD (cloud)

Also known as: W32.eHeur.Malware08, Win32:Malware-gen, TR/Crypt.XPACK.Gen2.

Malware analysis of Backdoor.Orcusrot!8.31F2-M8NCKfIDuVD (cloud) – AUDIODRIVER.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%APPDATA%\MICROSOFT\SPEECH\AUDIODRIVER.EXE

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS\LOAD: "%APPDATA%\MICROSOFT\SPEECH\AUDIODRIVER.EXE"

Persistence is the Load value under Windows NT\CurrentVersion\Windows, the same mechanism the Backdoor.LuminosityLink entry above uses. The %TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON file also appears in the Simda and Androm entries below, which have different droppers, so it is most likely an artifact of the analysis environment rather than an indicator for this family.

Detected by UnHackMe: AUDIODRIVER.EXE
Default location: %APPDATA%\MICROSOFT\SPEECH\AUDIODRIVER.EXE
Dropper hash (MD5): 81658cd3548f3c1d21dabfd86b00942c

Backdoor.Orcusrot

Also known as: Backdoor:MSIL/Orcusrot.A, Trojan.Agent/Gen-Injector, Trojan.Win32.Generic!BT.

Malware analysis of Backdoor.Orcusrot – AUDIODRIVER.EXE

Same sample as the Backdoor.Orcusrot!8.31F2-M8NCKfIDuVD (cloud) entry above (same dropper MD5); the created files and autostart registry keys are identical to the ones listed there.

Detected by UnHackMe: AUDIODRIVER.EXE
Default location: %APPDATA%\MICROSOFT\SPEECH\AUDIODRIVER.EXE
Dropper hash (MD5): 81658cd3548f3c1d21dabfd86b00942c

Backdoor:MSIL/Orcusrot.A

Also known as: Trojan.Win32.Agent.ekduwj, a variant of MSIL/Agent.AMU, ILAgent.

Malware analysis of Backdoor:MSIL/Orcusrot.A – AUDIODRIVER.EXE

Same sample as the Backdoor.Orcusrot!8.31F2-M8NCKfIDuVD (cloud) entry above (same dropper MD5); the created files and autostart registry keys are identical to the ones listed there.

Detected by UnHackMe: AUDIODRIVER.EXE
Default location: %APPDATA%\MICROSOFT\SPEECH\AUDIODRIVER.EXE
Dropper hash (MD5): 81658cd3548f3c1d21dabfd86b00942c

backdoor.win32.simda.a

Also known as: TR/AD.BlackShades.dlcvj, W32/Trojan.TOLC-7391, Trojan ( 004ef1341 ).

Malware analysis of backdoor.win32.simda.a – SYSTEMOSWIN.EXE

Created files:
%ALLUSERSPROFILE%\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\GATHERLOGS\SYSTEMINDEX\SYSTEMINDEX.707.CRWL
%ALLUSERSPROFILE%\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\GATHERLOGS\SYSTEMINDEX\SYSTEMINDEX.707.GTHR
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN
%APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE

The two SYSTEMINDEX.707 files are Windows Search indexer gather logs written by the search service, not by the sample, and the %TEMP% JSON file recurs across unrelated entries on this page; the indicators worth keeping are the %APPDATA%\SYSTEMOSWIN directory and its contents.

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{A6BFEBCC-82BF-D843-EBCB-2E36D06324D0}\STUBPATH: "%APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\WINDOWS: "%APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: "%APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE"
HKCU\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{A6BFEBCC-82BF-D843-EBCB-2E36D06324D0}\STUBPATH: "%APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE"
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: "%APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE"

The sample sets five autostarts across three mechanisms: the ordinary Run keys (HKLM and HKCU), the HKLM Policies\Explorer\Run list, and an Active Setup Installed Components entry (HKLM and HKCU) whose StubPath is executed at logon for any user whose HKCU copy of that component GUID is missing or older. Removing only the Run values leaves the Active Setup entry to re-establish persistence at the next logon, so all five must go.

Detected by UnHackMe: SYSTEMOSWIN.EXE
Default location: %APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE
Dropper hash (MD5): 9ce8bd7719c922b2cc9483abb4f7c6cb

BackDoor.Comet.3193

Also known as: W32.Clode7c.Trojan.c2e5, Inject3.BJPG, Backdoor.Androm.Win32.37789.

Malware analysis of BackDoor.Comet.3193 – SYSTEMOSWIN.EXE

Same sample as the backdoor.win32.simda.a entry above (same dropper MD5); the created files and autostart registry keys are identical to the ones listed there.

Detected by UnHackMe: SYSTEMOSWIN.EXE
Default location: %APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE
Dropper hash (MD5): 9ce8bd7719c922b2cc9483abb4f7c6cb

Win32/Backdoor.f60

Also known as: W32.Clode7c.Trojan.c2e5, Trojan.Generic.19723047.

Malware analysis of Win32/Backdoor.f60 – SYSTEMOSWIN.EXE

Same sample as the backdoor.win32.simda.a entry above (same dropper MD5); the created files and autostart registry keys are identical to the ones listed there.

Detected by UnHackMe: SYSTEMOSWIN.EXE
Default location: %APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE
Dropper hash (MD5): 9ce8bd7719c922b2cc9483abb4f7c6cb

Backdoor.Androm.Win32.37173

Also known as: Trojan.Injector!og/Do9y1jo4, Trojan.GenericKD.3620370, TROJ_GEN.R011C0DJM16.

Malware analysis of Backdoor.Androm.Win32.37173 – WINDOVVSCONFIG.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%APPDATA%\WINDCONF\WINDCONF
%APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{DD64DA1A-BDBE-E3DF-A3B2-B9C2FE54FBEA}\STUBPATH: "%APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\WINDOWS: "%APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: "%APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE"
HKCU\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{DD64DA1A-BDBE-E3DF-A3B2-B9C2FE54FBEA}\STUBPATH: "%APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE"
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINDOWS: "%APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE"

Same persistence pattern as the backdoor.win32.simda.a entry above (Run in HKLM and HKCU, Policies\Explorer\Run in HKLM, Active Setup StubPath in HKLM and HKCU), with a different component GUID and drop directory. The file name spells "Windows" with two V's (WINDOVVSCONFIG), so even a case-insensitive search for "windowsconfig" does not find it.

Detected by UnHackMe: WINDOVVSCONFIG.EXE
Default location: %APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE
Dropper hash (MD5): 59842ed853665df5a7af9e3eae50bd9c

Backdoor.Androm.lrr

Also known as: RDN/Generic.dx, backdoor.win32.simda.a, BackDoor.Comet.3193.

Malware analysis of Backdoor.Androm.lrr – SYSTEMOSWIN.EXE

Same sample as the backdoor.win32.simda.a entry above (same dropper MD5); the created files and autostart registry keys are identical to the ones listed there.

Detected by UnHackMe: SYSTEMOSWIN.EXE
Default location: %APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE
Dropper hash (MD5): 9ce8bd7719c922b2cc9483abb4f7c6cb

Backdoor.Androm.Win32.37789

Also known as: W32.Clode7c.Trojan.c2e5, Trojan ( 004ef1341 ), Mal/Generic-S.

Malware analysis of Backdoor.Androm.Win32.37789 – SYSTEMOSWIN.EXE

Same sample as the backdoor.win32.simda.a entry above (same dropper MD5); the created files and autostart registry keys are identical to the ones listed there.

Detected by UnHackMe: SYSTEMOSWIN.EXE
Default location: %APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE
Dropper hash (MD5): 9ce8bd7719c922b2cc9483abb4f7c6cb

Win32.Backdoor.Androm.Sxeq

Also known as: TROJ_GEN.R011C0DJM16, Backdoor.Androm.Win32.37173, a variant of Win32/Injector.CYIA.

Malware analysis of Win32.Backdoor.Androm.Sxeq – WINDOVVSCONFIG.EXE

Same sample as the Backdoor.Androm.Win32.37173 entry above (same dropper MD5); the created files and autostart registry keys are identical to the ones listed there.

Detected by UnHackMe: WINDOVVSCONFIG.EXE
Default location: %APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE
Dropper hash (MD5): 59842ed853665df5a7af9e3eae50bd9c

Backdoor.Win32.Androm.ldby

Also known as: Trj/CI.A, Trojan.GenericKD.3620370.

Malware analysis of Backdoor.Win32.Androm.ldby – WINDOVVSCONFIG.EXE

Same sample as the Backdoor.Androm.Win32.37173 entry above (same dropper MD5); the created files and autostart registry keys are identical to the ones listed there.

Detected by UnHackMe: WINDOVVSCONFIG.EXE
Default location: %APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE
Dropper hash (MD5): 59842ed853665df5a7af9e3eae50bd9c

Backdoor.Androm!8.113-GitxvfPoqJF (cloud)

Also known as: Trojan.Generic.19723047, Trojan.Generic.D12CF327, Trojan.Win32.Z.Injector.550912.T[h].

Malware analysis of Backdoor.Androm!8.113-GitxvfPoqJF (cloud) – SYSTEMOSWIN.EXE

Same sample as the backdoor.win32.simda.a entry above (same dropper MD5); the created files and autostart registry keys are identical to the ones listed there.

Detected by UnHackMe: SYSTEMOSWIN.EXE
Default location: %APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE
Dropper hash (MD5): 9ce8bd7719c922b2cc9483abb4f7c6cb

Win32.Backdoor.Androm.Hyjw

Also known as: Win32/Backdoor.f60, Trojan.Win32.Z.Injector.550912.T[h], a variant of Win32/Injector.CYIA.

Malware analysis of Win32.Backdoor.Androm.Hyjw – SYSTEMOSWIN.EXE

Same sample as the backdoor.win32.simda.a entry above (same dropper MD5); the created files and autostart registry keys are identical to the ones listed there.

Detected by UnHackMe: SYSTEMOSWIN.EXE
Default location: %APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE
Dropper hash (MD5): 9ce8bd7719c922b2cc9483abb4f7c6cb

Backdoor.Win32.Androm.lgtj

Also known as: RDN/Generic.dx, Trojan ( 004ef1341 ), W32/Injector.CYIA!tr.

Malware analysis of Backdoor.Win32.Androm.lgtj – SYSTEMOSWIN.EXE

Same sample as the backdoor.win32.simda.a entry above (same dropper MD5); the created files and autostart registry keys are identical to the ones listed there.

Detected by UnHackMe: SYSTEMOSWIN.EXE
Default location: %APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE
Dropper hash (MD5): 9ce8bd7719c922b2cc9483abb4f7c6cb

Backdoor.Androm.lgz

Also known as: Trojan.Win32.Generic!BT, Trojan.GenericKD.3620370, W32.Clod06c.Trojan.d688.

Malware analysis of Backdoor.Androm.lgz – WINDOVVSCONFIG.EXE

Same sample as the Backdoor.Androm.Win32.37173 entry above (same dropper MD5); the created files and autostart registry keys are identical to the ones listed there.

Detected by UnHackMe: WINDOVVSCONFIG.EXE
Default location: %APPDATA%\WINDCONF\WINDOVVSCONFIG.EXE
Dropper hash (MD5): 59842ed853665df5a7af9e3eae50bd9c

Win32.Backdoor.Androm.Pgnj

Also known as: Trojan.Generic.D3D24C8, Trojan.GenericKD.4007112, Backdoor.Androm.

Malware analysis of Win32.Backdoor.Androm.Pgnj – WINWORD016.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%TEMP%\TMP01.DLL
%TEMP%\WINWORD016.EXE
%APPDATA%\WINWORD016.EXE

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINWORD016: "%TEMP%\WINWORD016.EXE"

Two copies of WINWORD016.EXE are dropped, one in %TEMP% and one in %APPDATA%, and the Run value points at the %TEMP% copy; remove both, since deleting only the one the autostart references leaves the second on disk.

Detected by UnHackMe: WINWORD016.EXE
Default location: %TEMP%\WINWORD016.EXE
Dropper hash (MD5): 4f8bc14d0d85d02b37f17ce58682e06d
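
The entries on this page keep returning to the same handful of persistence locations (the Run and RunOnce keys, the HKLM Policies\Explorer\Run list, Active Setup StubPath values, the Load value under Windows NT\CurrentVersion\Windows, and service ImagePath values) and give every path with placeholders such as %APPDATA% or %SYSDIR%. Several entries also share one dropper MD5 and are the same sample under different vendor names (the eight SYSTEMOSWIN.EXE entries all carry 9ce8bd7719c922b2cc9483abb4f7c6cb), so one rule per hash covers a whole group. The script below is an added example, not code from the UnHackMe posts: it turns three of the indicator sets above into case-insensitive matching rules and runs them over an export of registry values and file paths. The placeholder expansions assume a Vista-or-later profile layout (C:\Users\<name>\AppData\...), the placeholder table covers only the tokens those three rules use, and the DEMO_REGISTRY and DEMO_FILES records are constructed for the demonstration rather than captured from a host.

```python
"""Match the file and autostart indicators listed above against exported host data.
Added example, not code from the UnHackMe posts; indicator strings are copied from
the entries on this page. ASSUMED: PLACEHOLDERS takes a Vista-or-later profile layout
(C:\\Users\\<name>\\AppData\\...); DEMO_REGISTRY and DEMO_FILES are constructed."""
import re

# Page placeholder -> regex for the concrete path it expands to (assumed layout).
PLACEHOLDERS = {
    "%SYSTEMDRIVE%": r"[A-Za-z]:",
    "%WINDIR%": r"[A-Za-z]:\\Windows",
    "%SYSDIR%": r"[A-Za-z]:\\Windows\\System32",
    "%ALLUSERSPROFILE%": r"[A-Za-z]:\\ProgramData",
    "%PROFILE%": r"[A-Za-z]:\\Users\\[^\\]+",
    "%APPDATA%": r"[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming",
    "%TEMP%": r"[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp",
}

# Indicators copied from the entries above: dropper MD5, dropped-file templates and
# (registry key, value name, value data template) autostart entries.
RULES = [
    {"name": "Backdoor.Win32.Androm (SYSTEMOSWIN.EXE)",
     "md5": "9ce8bd7719c922b2cc9483abb4f7c6cb",
     "files": [r"%APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE"],
     "autostart": [
         (r"HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN", "WINDOWS",
          r"%APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE"),
         (r"HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS"
          r"\{A6BFEBCC-82BF-D843-EBCB-2E36D06324D0}", "STUBPATH",
          r"%APPDATA%\SYSTEMOSWIN\SYSTEMOSWIN.EXE")]},
    {"name": "Backdoor.Orcusrot (AUDIODRIVER.EXE)",
     "md5": "81658cd3548f3c1d21dabfd86b00942c",
     "files": [r"%APPDATA%\MICROSOFT\SPEECH\AUDIODRIVER.EXE"],
     "autostart": [(r"HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS",
                    "LOAD", r"%APPDATA%\MICROSOFT\SPEECH\AUDIODRIVER.EXE")]},
    {"name": "Backdoor.Win32.Ruskill (SQPIEPHIJUGG.EXE)",
     "md5": "039cc6b27dbe8ac72b8764e57c6d0a3f",
     "files": [r"%WINDIR%\SQPIEPHIJUGG.EXE"],
     "autostart": [(r"HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN", "ACOWCKNYTHDX",
                    r'%SYSDIR%\CMD.EXE /C START "" "%WINDIR%\SQPIEPHIJUGG.EXE"')]},
]
_TOKEN = re.compile(r"%[A-Z ]+%")

def template_to_regex(template):
    """Compile a page-style template into an anchored, case-insensitive regex for the
    concrete string on a host. Literal text is escaped, so the quotes and spaces of
    a cmd.exe wrapper are matched verbatim."""
    out, pos = [], 0
    for tok in _TOKEN.finditer(template):
        out.append(re.escape(template[pos:tok.start()]))
        out.append(PLACEHOLDERS[tok.group(0)])  # KeyError flags an unknown placeholder
        pos = tok.end()
    out.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(out) + "$", re.IGNORECASE)

def match_autostart(key, value_name, data):
    """Rule names whose autostart indicator matches one exported registry value;
    keys and value names compare case-insensitively, as the registry does."""
    return [rule["name"] for rule in RULES
            for rkey, rname, rdata in rule["autostart"]
            if key.lower() == rkey.lower() and value_name.lower() == rname.lower()
            and template_to_regex(rdata).match(data)]

def match_file(path, md5=None):
    """Rule names matching a file by path template or, when a hash is known, by the
    listed dropper MD5. A hash hit identifies the sample; a path hit only says that
    something sits where this family drops its copy."""
    return [rule["name"] for rule in RULES
            if (md5 and md5.lower() == rule["md5"])
            or any(template_to_regex(t).match(path) for t in rule["files"])]

def scan(registry_values, files):
    """registry_values: (key, value_name, data) tuples; files: (path, md5 or None).
    Returns {rule name: [evidence strings]} for everything that matched."""
    findings = {}
    for key, name, data in registry_values:
        for rule in match_autostart(key, name, data):
            findings.setdefault(rule, []).append(f"{key}\\{name} = {data}")
    for path, md5 in files:
        for rule in match_file(path, md5):
            findings.setdefault(rule, []).append(f"{path} (md5={md5})")
    return findings

# Constructed export: one benign Run value plus three of the persistence entries
# documented above, in the mixed case a real host stores them in.
DEMO_REGISTRY = [
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Windows",
     r"C:\Users\alice\AppData\Roaming\SYSTEMOSWIN\SYSTEMOSWIN.exe"),
    (r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows", "Load",
     r"C:\Users\alice\AppData\Roaming\Microsoft\Speech\audiodriver.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "ACOWCKNYTHDX",
     r'C:\Windows\System32\cmd.exe /C START "" "C:\Windows\SQPIEPHIJUGG.EXE"'),
]
DEMO_FILES = [  # (path, md5 or None); the second hash is the Orcusrot dropper MD5
    (r"C:\Users\alice\AppData\Roaming\SYSTEMOSWIN\SYSTEMOSWIN.exe", None),
    (r"C:\Users\alice\Downloads\invoice.exe", "81658cd3548f3c1d21dabfd86b00942c"),
]

def demo_scan():
    return scan(DEMO_REGISTRY, DEMO_FILES)
```

Feed scan() the output of an autoruns or reg export converted to (key, name, data) tuples. Matching the whole value string with an anchored regex is what catches the cmd.exe /C START wrapper from the Ruskill entry, which a check on the first token of the value would miss. Extend PLACEHOLDERS with %STARTUP%, %PROGRAM FILES% and %COMMON APPDATA% before adding rules that use them; an unknown token raises KeyError instead of silently matching nothing.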
