Category Archives: Backdoor

Backdoor.Win32.Bladabindi.Gen.A[h]

Also known as: Troj/DotNet-P, Backdoor.Bladabindi.AL3, Backdoor.MSIL.Bladabindi.A.

Malware Analysis of Backdoor.Win32.Bladabindi.Gen.A[h] – SYTSEM.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%TEMP%\SYTSEM.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FB5A84A65D842F0B451647ACD889EE6B: ""%TEMP%\SYTSEM.EXE" .."
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FB5A84A65D842F0B451647ACD889EE6B: ""%TEMP%\SYTSEM.EXE" .."

Detected by UnHackMe: SYTSEM.EXE
Default location: %TEMP%\SYTSEM.EXE
Dropper hash (MD5): ffb326040dfcfcb2f6b267a068a84a8d

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Backdoor.Ruskill.al

Also known as: TROJ_HPEPING.SM, TrojWare.Win32.Ransom.Tescrypt.V.

Malware Analysis of Backdoor.Ruskill.al – ASCA.EXE

Created files:
%APPDATA%\ILYTY\ASCA.EXE
%APPDATA%\IQIN\MACAA.GIA
%APPDATA%\UHQUOF\BEVAI.TMP

Detected by UnHackMe: ASCA.EXE
Default location: %APPDATA%\ILYTY\ASCA.EXE
Dropper hash (MD5): 68dbc69169fceb37eaf49d8c3abc8563

Backdoor.MSIL.Bladabindi!1.9E49-ayevI8xBr3O (cloud)

Also known as: Generic.MSIL.Bladabindi.22A7DC09 (B), Generic.MSIL.Bladabindi.22A7DC09.

Malware Analysis of Backdoor.MSIL.Bladabindi!1.9E49-ayevI8xBr3O (cloud) – SYTSEM.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%TEMP%\SYTSEM.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FB5A84A65D842F0B451647ACD889EE6B: ""%TEMP%\SYTSEM.EXE" .."
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FB5A84A65D842F0B451647ACD889EE6B: ""%TEMP%\SYTSEM.EXE" .."

Detected by UnHackMe: SYTSEM.EXE
Default location: %TEMP%\SYTSEM.EXE
Dropper hash (MD5): ffb326040dfcfcb2f6b267a068a84a8d

Backdoor.Bladabindi.Generic

Also known as: Generic.MSIL.Bladabindi.22A7DC09 (B), Trojan.Win32.Disfa.dtznyx, Trojan.MSIL.Disfa.

Malware Analysis of Backdoor.Bladabindi.Generic – SYTSEM.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%TEMP%\SYTSEM.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FB5A84A65D842F0B451647ACD889EE6B: ""%TEMP%\SYTSEM.EXE" .."
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FB5A84A65D842F0B451647ACD889EE6B: ""%TEMP%\SYTSEM.EXE" .."

Detected by UnHackMe: SYTSEM.EXE
Default location: %TEMP%\SYTSEM.EXE
Dropper hash (MD5): ffb326040dfcfcb2f6b267a068a84a8d

Backdoor/Win32.Androm.C1720465

Also known as: Trojan ( 005012941 ), HEUR/QVM20.1.FB63.Malware.Gen.

Malware Analysis of Backdoor/Win32.Androm.C1720465 – WINWORD016.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%TEMP%\TMP01.DLL
%TEMP%\WINWORD016.EXE
%APPDATA%\WINWORD016.EXE

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINWORD016: "%TEMP%\WINWORD016.EXE"

Detected by UnHackMe: WINWORD016.EXE
Default location: %TEMP%\WINWORD016.EXE
Dropper hash (MD5): 4f8bc14d0d85d02b37f17ce58682e06d

Backdoor.Androm.mto

Also known as: Trojan.GenericKD.4007112, HEUR/QVM20.1.FB63.Malware.Gen.

Malware Analysis of Backdoor.Androm.mto – WINWORD016.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%TEMP%\TMP01.DLL
%TEMP%\WINWORD016.EXE
%APPDATA%\WINWORD016.EXE

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINWORD016: "%TEMP%\WINWORD016.EXE"

Detected by UnHackMe: WINWORD016.EXE
Default location: %TEMP%\WINWORD016.EXE
Dropper hash (MD5): 4f8bc14d0d85d02b37f17ce58682e06d

Backdoor.AndromCRTD.Win32.6324

Also known as: Crypt_s.MJJ, Trojan.GenericKD.4007112 (B), Trojan.Generic.D3D24C8.

Malware Analysis of Backdoor.AndromCRTD.Win32.6324 – WINWORD016.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%TEMP%\TMP01.DLL
%TEMP%\WINWORD016.EXE
%APPDATA%\WINWORD016.EXE

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINWORD016: "%TEMP%\WINWORD016.EXE"

Detected by UnHackMe: WINWORD016.EXE
Default location: %TEMP%\WINWORD016.EXE
Dropper hash (MD5): 4f8bc14d0d85d02b37f17ce58682e06d

Backdoor/Win32.Bladabindi.R91438

Also known as: Generic.MSIL.Bladabindi.22A7DC09, Win.Trojan.B-468, W32/MSIL_Bladabindi.AU.gen!Eldorado.

Malware Analysis of Backdoor/Win32.Bladabindi.R91438 – SYTSEM.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%TEMP%\SYTSEM.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FB5A84A65D842F0B451647ACD889EE6B: ""%TEMP%\SYTSEM.EXE" .."
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FB5A84A65D842F0B451647ACD889EE6B: ""%TEMP%\SYTSEM.EXE" .."

Detected by UnHackMe: SYTSEM.EXE
Default location: %TEMP%\SYTSEM.EXE
Dropper hash (MD5): ffb326040dfcfcb2f6b267a068a84a8d

Backdoor:Win32/Kirts.A

Also known as: Generic.atz, Trojan.Agent!MtaUySGPMPE, TROJ_GEN.R01BC0DL716.

Malware Analysis of Backdoor:Win32/Kirts.A – OKRI.EXE

Created files:
%TEMP%\ILIST-00000000.TMP
%APPDATA%\IMMINENT\LOGS\06-03-2017
%APPDATA%\OKRI.EXE
%SYSDIR%\TASKS\UPDATE\OKRI

Detected by UnHackMe: OKRI.EXE
Default location: %APPDATA%\OKRI.EXE
Dropper hash (MD5): 0b0ceed8da4a78d6f4a89d85e16100c4

Backdoor.Win32.Androm.mbac

Also known as: Crypt_s.MJJ, Spyware.HawkEyeKeyLogger, malicious_confidence_95% (W).

Malware Analysis of Backdoor.Win32.Androm.mbac – WINWORD016.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%TEMP%\TMP01.DLL
%TEMP%\WINWORD016.EXE
%APPDATA%\WINWORD016.EXE

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINWORD016: "%TEMP%\WINWORD016.EXE"

Detected by UnHackMe: WINWORD016.EXE
Default location: %TEMP%\WINWORD016.EXE
Dropper hash (MD5): 4f8bc14d0d85d02b37f17ce58682e06d

Backdoor:MSIL/Bladabindi.B

Also known as: BehavesLike.Win32.BackdoorNJRat.mm, Generic.MSIL.Bladabindi.22A7DC09, BKDR_BLADABI.SMC.

Malware Analysis of Backdoor:MSIL/Bladabindi.B – SYTSEM.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%TEMP%\SYTSEM.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FB5A84A65D842F0B451647ACD889EE6B: ""%TEMP%\SYTSEM.EXE" .."
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FB5A84A65D842F0B451647ACD889EE6B: ""%TEMP%\SYTSEM.EXE" .."

Detected by UnHackMe: SYTSEM.EXE
Default location: %TEMP%\SYTSEM.EXE
Dropper hash (MD5): ffb326040dfcfcb2f6b267a068a84a8d

backdoor.msil.bladabindi.aj

Also known as: Trojan-Downloader.MSIL.Agent, Trojan.Win32.Generic!BT, TR/Dldr.Agent.undrk.

Malware Analysis of backdoor.msil.bladabindi.aj – SSBDN.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%LOCAL APPDATA%\ECXHMDMTPQ\MSTRUST.EXE
%APPDATA%\SSBDN.EXE

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\SSBDN: "%APPDATA%\SSBDN.EXE"
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\TLWTJHHKUM: "%LOCAL APPDATA%\ECXHMD~1\MSTRUST.EXE"

Detected by UnHackMe: SSBDN.EXE
Default location: %APPDATA%\SSBDN.EXE
Dropper hash (MD5): 9300bdc4712b6a7e85a0b9b710fc1f13

Backdoor.W32.SdBot

Also known as: Trojan.Win32.Generic.pak!cobra, TR/TDSS.Gen2.

Malware Analysis of Backdoor.W32.SdBot – VSOCMXNOBFKL.EXE

Created files:
%SYSTEMDRIVE%\USERS\_RECOVERY_+OSVWD.PNG
%SYSTEMDRIVE%\USERS\_RECOVERY_+OSVWD.TXT
%WINDIR%\VSOCMXNOBFKL.EXE
%SYSTEMDRIVE%\BOOTSECT.BAK.MP3

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DURYFSP: "%SYSDIR%\CMD.EXE /C START %WINDIR%\VSOCMXNOBFKL.EXE"

Detected by UnHackMe: VSOCMXNOBFKL.EXE
Default location: %WinDir%\VSOCMXNOBFKL.EXE
Dropper hash (MD5): de41babc53c83b2edb14fc9133c00569

backdoor.win32.venik.j

Also known as: Trojan-Ransom.Win32.Foreign.gxos, Trojan/Foreign.ohy, Trojan.MalPack.ORPC.

Malware Analysis of backdoor.win32.venik.j – ZEOG.EXE

Created files:
%LOCAL APPDATA%\MICROSOFT\WINDOWS MAIL\LOCAL FOLDERS\SENT ITEMS\WINMAIL.FOL
%LOCAL APPDATA%\MICROSOFT\WINDOWS MAIL\MICROSOFT COMMUNITIES\ACCOUNT{3CC05103-59FD-466A-80E6-12486C131C6E}.OEACCOUNT
%APPDATA%\GOIKI\ZEOG.EXE

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ZEOG: "%APPDATA%\GOIKI\ZEOG.EXE"

Detected by UnHackMe: ZEOG.EXE
Default location: %APPDATA%\GOIKI\ZEOG.EXE
Dropper hash (MD5): 5d15839404b06e18b939bf2a8bd05dba

Backdoor.Ramnit.Win32.3063

Also known as: Trojan ( 004deaac1 ).

Malware Analysis of Backdoor.Ramnit.Win32.3063 – WEBUPDT.EXE

Created files:
%WINDIR%\MY 7 ADD-ON\CPL\PC WIZARD\README.TXT
%WINDIR%\MY 7 ADD-ON\CPL\PC WIZARD\RELEASE.TXT
%WINDIR%\MY 7 ADD-ON\CPL\PC WIZARD\WEB\WEBUPDT.EXE
%WINDIR%\MY 7 ADD-ON\CPL\RUNALYZER\LANGUAGES\BELARUSSKIY.BAL
%WINDIR%\MY 7 ADD-ON\CPL\RUNALYZER\LANGUAGES\DEUTSCH.BAL

Detected by UnHackMe: WEBUPDT.EXE
Default location: %WinDir%\MY 7 ADD-ON\CPL\PC WIZARD\WEB\WEBUPDT.EXE
Dropper hash (MD5): 8cb9447da03e91d16f4428d3e18bfb7c

Backdoor.Ramnit.Win32.2996

Also known as: Trojan/Dropper.gen.

Malware Analysis of Backdoor.Ramnit.Win32.2996 – PCWIZGFX.DLL

Created files:
%WINDIR%\MY 7 ADD-ON\CPL\PC WIZARD\PCWIZDX.DLL
%WINDIR%\MY 7 ADD-ON\CPL\PC WIZARD\PCWIZDXB.DLL
%WINDIR%\MY 7 ADD-ON\CPL\PC WIZARD\PCWIZGFX.DLL
%WINDIR%\MY 7 ADD-ON\CPL\PC WIZARD\PCWIZHID.DLL
%WINDIR%\MY 7 ADD-ON\CPL\PC WIZARD\PCWIZKBM.DLL

Detected by UnHackMe: PCWIZGFX.DLL
Default location: %WinDir%\MY 7 ADD-ON\CPL\PC WIZARD\PCWIZGFX.DLL
Dropper hash (MD5): 8cb9447da03e91d16f4428d3e18bfb7c

Backdoor.Ramnit.Win32.3596

Malware Analysis of Backdoor.Ramnit.Win32.3596 – PCWIZMDL.DLL

Created files:
%WINDIR%\MY 7 ADD-ON\CPL\PC WIZARD\PCWIZKBM.DLL
%WINDIR%\MY 7 ADD-ON\CPL\PC WIZARD\PCWIZLCD.DLL
%WINDIR%\MY 7 ADD-ON\CPL\PC WIZARD\PCWIZMDL.DLL
%WINDIR%\MY 7 ADD-ON\CPL\PC WIZARD\PCWIZMP3.DLL
%WINDIR%\MY 7 ADD-ON\CPL\PC WIZARD\PCWIZOSD.DLL

Detected by UnHackMe: PCWIZMDL.DLL
Default location: %WinDir%\MY 7 ADD-ON\CPL\PC WIZARD\PCWIZMDL.DLL
Dropper hash (MD5): 8cb9447da03e91d16f4428d3e18bfb7c

Backdoor/Win32.Zegost.N2024014039

Also known as: W32.RansomwareTQB.Trojan, Trojan.Win32.Generic!SB.0.

Malware Analysis of Backdoor/Win32.Zegost.N2024014039 – FFBD2D2AE7B7D75F9D7143115DE1C1D8.EXE

Created files:
%TEMP%\36ACC673201609ABCCEBA535EA70B3B4.JSON
%SYSDIR%\FFBD2D2AE7B7D75F9D7143115DE1C1D8.EXE
%SYSDIR%\VMTOOLSD.EXE

Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\79\IMAGEPATH: "%SYSDIR%\FFBD2D2AE7B7D75F9D7143115DE1C1D8.EXE"
HKLM\System\CurrentControlSet\services\79\DisplayName: "Microsoft Software 79"

Detected by UnHackMe: FFBD2D2AE7B7D75F9D7143115DE1C1D8.EXE
Default location: %SYSDIR%\FFBD2D2AE7B7D75F9D7143115DE1C1D8.EXE
Dropper hash (MD5): ffbd2d2ae7b7d75f9d7143115de1c1d8

Backdoor.Ghoster.Win32.40

Also known as: Tool-CHP, RiskWare.CHP, Unwanted-Program ( 0049ebb41 ).

Malware Analysis of Backdoor.Ghoster.Win32.40 – HREWNF.EXE

Created files:
%WINDIR%\GDWSLK
%WINDIR%\GRUBER.EXE
%WINDIR%\HREWNF.EXE
%WINDIR%\JHNDSN
%WINDIR%\LOADERMASTER.EXE

Autostart registry keys:
HKLM\Software\Google\Chrome\Extensions\pgoackgjjkpbkjoomkklkofbhpkbeboc\update_url: "https://clients2.google.com/service/update2/crx"
HKLM\Software\Google\Chrome\Extensions\ikdlehiegikpggplngbmpdgnidekfmjn\update_url: "https://clients2.google.com/service/update2/crx"
HKLM\Software\Google\Chrome\Extensions\hkdmihdclhhoghpojiifklmegjnjkdlh\update_url: "https://clients2.google.com/service/update2/crx"
HKLM\Software\Google\Chrome\Extensions\gccplojjfpdbeidicabkegekmcplafee\update_url: "https://clients2.google.com/service/update2/crx"
HKLM\Software\Google\Chrome\Extensions\eoepodkgpakekgncgnfnijcippobokhp\update_url: "https://clients2.google.com/service/update2/crx"
HKLM\Software\Google\Chrome\Extensions\clmghkfhfkcfhpccgbafbailibgogkbi\update_url: "https://clients2.google.com/service/update2/crx"
HKLM\Software\Google\Chrome\Extensions\cckdoammdligdedbakcgnmegjljgipjb\update_url: "https://clients2.google.com/service/update2/crx"
HKLM\Software\Google\Chrome\Extensions\akhdblbjebmbllhinponghfmaekhlhob\update_url: "https://clients2.google.com/service/update2/crx"
HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\DisplayName: "Local Group Policy"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MoneyFriend1.0\DisplayName: "MoneyFriend"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MoneyFriend1.0\UninstallString: ""%Program Files%\MoneyFriend\uninstall.exe" "/U:%Program Files%\MoneyFriend\Uninstall\uninstall.xml""
HKLM\Software\WOW6432Node\Google\Chrome\Extensions\pgoackgjjkpbkjoomkklkofbhpkbeboc\update_url: …

Win32/Backdoor.c05

Also known as: Look2Me (v), Adware.Win32.645F8475, Adware ( 0001196a1 ).

Malware Analysis of Win32/Backdoor.c05 – FGST30.DLL

Created files:
%LOCAL APPDATA%\MICROSOFT\WINDOWS\1033\STRUCTUREDQUERYSCHEMA.BIN
%SYSDIR%\AQCESSIBILITYCPL.DLL
%SYSDIR%\FGST30.DLL
%SYSDIR%\IMCLASS.DLL
%SYSDIR%\MFIAVI32.DLL

Autostart registry keys:
HKLM\SOFTWARE\CLASSES\CLSID\{3858998F-4367-46EF-99F6-9BD76440132E}\INPROCSERVER32\: "%SYSDIR%\MFIAVI32.DLL"
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ADAPTIVEDISPLAYBRIGHTNESS\DLLNAME: "%SYSDIR%\MFIAVI32.DLL"

Detected by UnHackMe: FGST30.DLL
Default location: %SYSDIR%\FGST30.DLL
Dropper hash (MD5): a3f3375c24bcfa0d187639d674de6ee7

Backdoor.Win32.ServStart.Gen.A[h]

Also known as: Win32/Trojan.69d, Win32.Trojan.Obfuscator.Wrgd, Trojan.ServStart.

Malware Analysis of Backdoor.Win32.ServStart.Gen.A[h] – UUSMUI.EXE

Created files:
%TEMP%\6A298489B7562C9E2C0163A571C4DD81.JSON
%WINDIR%\UUSMUI.EXE

Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MNOSDXCPQR TUDVWXCYDAB DSDEFD\IMAGEPATH: "%WINDIR%\UUSMUI.EXE"
HKLM\System\CurrentControlSet\services\Mnosdxcpqr Tudvwxcydab Dsdefd\DisplayName: "Mnfzoxcpqr Tuvwxvxyab Deffgvhijk Mncovp"

Detected by UnHackMe: UUSMUI.EXE
Default location: %WinDir%\UUSMUI.EXE
Dropper hash (MD5): da33aa770d709dd179b0db617115818c

Backdoor.Nitol

Also known as: TROJ_NITOL.SMN1, Trojan[:HEUR]/Win32.AGeneric.

Malware Analysis of Backdoor.Nitol – UUSMUI.EXE

Created files:
%TEMP%\6A298489B7562C9E2C0163A571C4DD81.JSON
%WINDIR%\UUSMUI.EXE

Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MNOSDXCPQR TUDVWXCYDAB DSDEFD\IMAGEPATH: "%WINDIR%\UUSMUI.EXE"
HKLM\System\CurrentControlSet\services\Mnosdxcpqr Tudvwxcydab Dsdefd\DisplayName: "Mnfzoxcpqr Tuvwxvxyab Deffgvhijk Mncovp"

Detected by UnHackMe: UUSMUI.EXE
Default location: %WinDir%\UUSMUI.EXE
Dropper hash (MD5): da33aa770d709dd179b0db617115818c

BackDoor-FBOD!DA33AA770D70

Also known as: Win32/Trojan.69d, Generic.ServStart.BD76B99E, Generic.ServStart.B7780766.

Malware Analysis of BackDoor-FBOD!DA33AA770D70 – UUSMUI.EXE

Created files:
%TEMP%\6A298489B7562C9E2C0163A571C4DD81.JSON
%WINDIR%\UUSMUI.EXE

Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MNOSDXCPQR TUDVWXCYDAB DSDEFD\IMAGEPATH: "%WINDIR%\UUSMUI.EXE"
HKLM\System\CurrentControlSet\services\Mnosdxcpqr Tudvwxcydab Dsdefd\DisplayName: "Mnfzoxcpqr Tuvwxvxyab Deffgvhijk Mncovp"

Detected by UnHackMe: UUSMUI.EXE
Default location: %WinDir%\UUSMUI.EXE
Dropper hash (MD5): da33aa770d709dd179b0db617115818c

Backdoor.Androm.lds

Also known as: TROJ_FORUCON.BMC, Gen:Variant.Zusy.209134.

Malware Analysis of Backdoor.Androm.lds – 2ZMIPL14BZBR.EXE

Created files:
%APPDATA%\PID.TXT
%APPDATA%\PIDLOC.TXT
%APPDATA%\STARTER\2ZMIPL14BZBR.EXE
%APPDATA%\WINDOWSUPDATE.EXE

Detected by UnHackMe: 2ZMIPL14BZBR.EXE
Default location: %APPDATA%\STARTER\2ZMIPL14BZBR.EXE
Dropper hash (MD5): e5b1b0fbd7068c89bff4c927e27a0b95

Backdoor.W32.Runagry!c

Also known as: Trojan/Win32.TSGeneric, Gen:Variant.Zusy.207705 (B), Backdoor.Runagry.

Malware Analysis of Backdoor.W32.Runagry!c – MBTIUPV32.EXE

Created files:
%TEMP%\6A298489B7562C9E2C0163A571C4DD81.JSON
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIPV32.EXE
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIUPV32.EXE
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIVUNINSTALL.EXE

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BTIV\DisplayName: "Windows Desktop MBT Icons Ver 6.1.1.4"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BTIV\UNINSTALLSTRING: "%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIVUNINSTALL.EXE"

Detected by UnHackMe: MBTIUPV32.EXE
Default location: %LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIUPV32.EXE
Dropper…

Backdoor.W32.Runagry.lEMt

Also known as: Adware ( 004c4e741 ), TROJ_GEN.R08NC0EKT16.

Malware Analysis of Backdoor.W32.Runagry.lEMt – MBTIPV32.EXE

Created files:
%LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012017012720170128\CONTAINER.DAT
%TEMP%\6A298489B7562C9E2C0163A571C4DD81.JSON
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIPV32.EXE
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIUPV32.EXE
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIVUNINSTALL.EXE

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BTIV\DisplayName: "Windows Desktop MBT Icons Ver 6.1.1.4"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BTIV\UNINSTALLSTRING: "%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIVUNINSTALL.EXE"

Detected by UnHackMe: MBTIPV32.EXE…

Backdoor.RunagryCRTD.Win32.6074

Also known as: Luhe.Fiha.A, PUA.CloverPlus!, Gen:Variant.Zusy.207815.

Malware Analysis of Backdoor.RunagryCRTD.Win32.6074 – MBTIPV32.EXE

Created files:
%LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012017012720170128\CONTAINER.DAT
%TEMP%\6A298489B7562C9E2C0163A571C4DD81.JSON
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIPV32.EXE
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIUPV32.EXE
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIVUNINSTALL.EXE

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BTIV\DisplayName: "Windows Desktop MBT Icons Ver 6.1.1.4"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BTIV\UNINSTALLSTRING: "%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIVUNINSTALL.EXE"

Detected by UnHackMe: MBTIPV32.EXE
Default location: %LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIPV32.EXE…

Win32.Backdoor.Runagry.Hwcm

Also known as: Riskware/CloverPlus, Win32:Adware-gen [Adw], PUP/Win32.CloverPlus.C610131.

Malware Analysis of Win32.Backdoor.Runagry.Hwcm – MBTIUPV32.EXE

Created files:
%TEMP%\6A298489B7562C9E2C0163A571C4DD81.JSON
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIPV32.EXE
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIUPV32.EXE
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIVUNINSTALL.EXE

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BTIV\DisplayName: "Windows Desktop MBT Icons Ver 6.1.1.4"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BTIV\UNINSTALLSTRING: "%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIVUNINSTALL.EXE"

Detected by UnHackMe: MBTIUPV32.EXE
Default location: %LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIUPV32.EXE
Dropper…

Backdoor.Runagry

Also known as: Riskware/CloverPlus, Gen:Variant.Zusy.207705, Adware.CloverPlus/Variant.

Malware Analysis of Backdoor.Runagry – MBTIUPV32.EXE

Created files:
%TEMP%\6A298489B7562C9E2C0163A571C4DD81.JSON
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIPV32.EXE
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIUPV32.EXE
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIVUNINSTALL.EXE

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BTIV\DisplayName: "Windows Desktop MBT Icons Ver 6.1.1.4"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BTIV\UNINSTALLSTRING: "%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIVUNINSTALL.EXE"

Detected by UnHackMe: MBTIUPV32.EXE
Default location: %LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIUPV32.EXE
Dropper hash (MD5): …

Backdoor.Runagry.d

Also known as: Trojan.DownLoader22.53951, Win32:Adware-gen [Adw], not-a-virus:AdWare.CloverPlus.

Malware Analysis of Backdoor.Runagry.d – MBTIUPV32.EXE

Created files:
%TEMP%\6A298489B7562C9E2C0163A571C4DD81.JSON
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIPV32.EXE
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIUPV32.EXE
%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIVUNINSTALL.EXE

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BTIV\DisplayName: "Windows Desktop MBT Icons Ver 6.1.1.4"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BTIV\UNINSTALLSTRING: "%LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIVUNINSTALL.EXE"

Detected by UnHackMe: MBTIUPV32.EXE
Default location: %LOCAL APPDATA%\WINDOWS MBT ICONS\MBTIUPV32.EXE
Dropper…
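Checking a host against the indicators above

The entries in this archive are raw indicator lists: file paths written with %TEMP%, %APPDATA%, %WINDIR% and %SYSDIR% placeholders, Run/RunOnce/ImagePath values, and a dropper MD5. Several entries are the same sample under different vendor names (ffb326040dfcfcb2f6b267a068a84a8d appears under five names, 4f8bc14d0d85d02b37f17ce58682e06d under four), so matching on the hash collapses them to one dropper. The script below is an added example for this page, not UnHackMe code. It takes a few of the page's own indicators, expands the placeholders, normalises the three value shapes seen above (a bare path, njRAT's `"path" ..` Run value, and the SdBot entry's `cmd.exe /c start` wrapper) and matches them against a constructed snapshot such as an Autoruns or registry export would give. It also flags any autostart target under %TEMP%, a generalisation beyond the page's exact value names. The snapshot data, the user name "alice" used for expansion, and every function name are assumptions made for the example.

```python
"""Match the autostart and dropper indicators listed on this page against a host snapshot.
Added example; not UnHackMe code. Snapshot data and names are constructed for the example."""
import hashlib
import re
from dataclasses import dataclass

# Dropper MD5s copied from the entries above, keyed to the dropped file.
DROPPER_MD5 = {
    "ffb326040dfcfcb2f6b267a068a84a8d": "Bladabindi (SYTSEM.EXE)",
    "4f8bc14d0d85d02b37f17ce58682e06d": "Androm (WINWORD016.EXE)",
    "da33aa770d709dd179b0db617115818c": "ServStart/Nitol (UUSMUI.EXE)",
    "de41babc53c83b2edb14fc9133c00569": "SdBot (VSOCMXNOBFKL.EXE)",
}

# Autostart indicators copied from the entries above: (registry value, launched binary),
# with the page's %VAR% placeholders kept and expanded at scan time.
AUTOSTART_IOCS = [
    (r"HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FB5A84A65D842F0B451647ACD889EE6B",
     r"%TEMP%\SYTSEM.EXE"),
    (r"HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINWORD016", r"%TEMP%\WINWORD016.EXE"),
    (r"HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DURYFSP", r"%WINDIR%\VSOCMXNOBFKL.EXE"),
    (r"HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MNOSDXCPQR TUDVWXCYDAB DSDEFD\IMAGEPATH",
     r"%WINDIR%\UUSMUI.EXE"),
]

# Placeholder expansion for the constructed host (assumed profile of user "alice").
ENV = {
    "%TEMP%": r"C:\Users\alice\AppData\Local\Temp",
    "%APPDATA%": r"C:\Users\alice\AppData\Roaming",
    "%LOCAL APPDATA%": r"C:\Users\alice\AppData\Local",
    "%WINDIR%": r"C:\Windows",
    "%SYSDIR%": r"C:\Windows\System32",
}


def expand(path: str) -> str:
    """Replace the page's %VAR% placeholders; upper-case for case-insensitive comparison."""
    for placeholder, real in ENV.items():
        path = path.replace(placeholder, real)
    return path.upper()


def executable_from_value(value: str) -> str:
    """Return the binary a Run/RunOnce/ImagePath value launches, upper-cased.
    Handles a bare path, njRAT's '"path" ..' and the 'cmd.exe /c start path' wrapper."""
    v = value.strip()
    if re.search(r"\bcmd(\.exe)?\s+/c\b", v, re.IGNORECASE):
        m = re.search(r"\bstart\s+(.+)$", v, re.IGNORECASE)  # real target follows "start"
        if m:
            v = m.group(1).strip()
    quoted = re.match(r'"([^"]+)"', v)  # quoted path: take it, drop ".." or arguments
    if quoted:
        v = quoted.group(1)
    else:
        # Unquoted: cut at the first .exe so arguments are dropped but inner spaces survive.
        unquoted = re.match(r"(.+?\.exe)(?=\s|$)", v, re.IGNORECASE)
        if unquoted:
            v = unquoted.group(1)
    return v.strip().upper()


@dataclass(frozen=True)
class Finding:
    kind: str    # "autostart_ioc", "autostart_temp" or "dropper_md5"
    where: str   # registry value or file path that triggered the finding
    detail: str  # launched binary or family label


def scan(autostart_entries, file_hashes):
    """Match (registry value, data) pairs and a {path: md5} listing against the IOCs."""
    findings = []
    known = {(key.upper(), expand(path)) for key, path in AUTOSTART_IOCS}
    temp_root = expand("%TEMP%") + "\\"
    for key, data in autostart_entries:
        exe = executable_from_value(data)
        if (key.upper(), exe) in known:
            findings.append(Finding("autostart_ioc", key, exe))
        elif exe.startswith(temp_root):
            # Beyond the page's exact names: Bladabindi and Androm both autostart from
            # %TEMP%, which legitimate software almost never does, so flag it for triage.
            findings.append(Finding("autostart_temp", key, exe))
    for path, md5 in file_hashes.items():
        label = DROPPER_MD5.get(md5.lower())
        if label:
            findings.append(Finding("dropper_md5", path, label))
    return findings


# Constructed snapshot standing in for an Autoruns/registry export and a hash listing.
SAMPLE_AUTOSTART = [
    (r"HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\FB5A84A65D842F0B451647ACD889EE6B",
     r'"C:\Users\alice\AppData\Local\Temp\SYTSEM.EXE" ..'),
    (r"HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\DURYFSP",
     r"C:\Windows\System32\CMD.EXE /C START C:\Windows\VSOCMXNOBFKL.EXE"),
    (r"HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (r"HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Updater",
     r"C:\Users\alice\AppData\Local\Temp\updater.exe"),
]
SAMPLE_FILE_HASHES = {
    r"C:\Users\alice\AppData\Local\Temp\SYTSEM.EXE": "ffb326040dfcfcb2f6b267a068a84a8d",
    r"C:\Windows\VSOCMXNOBFKL.EXE": "de41babc53c83b2edb14fc9133c00569",
    # Benign placeholder: MD5 of constructed bytes, not of a real OneDrive binary.
    r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe": hashlib.md5(b"benign").hexdigest(),
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_AUTOSTART, SAMPLE_FILE_HASHES):
        print(f"{finding.kind:14} {finding.where}  ->  {finding.detail}")
```

On a live Windows host the same two inputs come from `reg export` / Autoruns output and a `Get-FileHash -Algorithm MD5` listing; the matching logic is unchanged. Note that the Run value name used by the Bladabindi sample (FB5A84A65D842F0B451647ACD889EE6B) is specific to this build, which is why the %TEMP% heuristic is kept alongside the exact match.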
