Category Archives: Backdoor

Win32.Backdoor.Androm.Crg

Win32.Backdoor.Androm.Crg also known as Trojan.Gen, Artemis!0258431EA770, Autoit2_c.RIU. Malware Analysis of Win32.Backdoor.Androm.Crg – BIOAP.EXE Created files: %SYSDIR%\BIOAP\BIOAP.EXE Autostart registry keys: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VMware Tools: “”%Program Files%\VMware\VMware Tools\VMwareTray.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VMware User Process: “”%Program Files%\VMware\VMware Tools\vmtoolsd.exe” -n vmusr” Detected by UnHackMe: BIOAP.EXE Default location: %SYSDIR%\BIOAP\BIOAP.EXE Dropper hash(md5): 0258431ea7704becac90b3ecef4a0db0 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most…

Backdoor.Win32.Agent.icmzz

Backdoor.Win32.Agent.icmzz also known as Trojan:Win32/Dynamer!ac, Trojan.Gen, Trojan.GenericKD.3645268. Malware Analysis of Backdoor.Win32.Agent.icmzz – BIOAP.EXE Created files: %SYSDIR%\BIOAP\BIOAP.EXE Autostart registry keys: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VMware Tools: “”%Program Files%\VMware\VMware Tools\VMwareTray.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VMware User Process: “”%Program Files%\VMware\VMware Tools\vmtoolsd.exe” -n vmusr” Detected by UnHackMe: BIOAP.EXE Default location: %SYSDIR%\BIOAP\BIOAP.EXE Dropper hash(md5): 0258431ea7704becac90b3ecef4a0db0 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most…

Backdoor.Androm!8.113-G7dMj3aIP1S (cloud)

Backdoor.Androm!8.113-G7dMj3aIP1S (cloud) also known as Backdoor.W32.Androm!c, trojan.win32.autinject.sk, Win32:Malware-gen. Malware Analysis of Backdoor.Androm!8.113-G7dMj3aIP1S (cloud) – BIOAP.EXE Created files: %SYSDIR%\BIOAP\BIOAP.EXE Autostart registry keys: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VMware Tools: “”%Program Files%\VMware\VMware Tools\VMwareTray.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VMware User Process: “”%Program Files%\VMware\VMware Tools\vmtoolsd.exe” -n vmusr” Detected by UnHackMe: BIOAP.EXE Default location: %SYSDIR%\BIOAP\BIOAP.EXE Dropper hash(md5): 0258431ea7704becac90b3ecef4a0db0 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

Backdoor.Farfli.rc

Backdoor.Farfli.rc also known as Trojan-Ransom.TeslaCrypt, Trojan.Win32.Generic!BT, Trojan[Ransom]/Win32.Bitman. Malware Analysis of Backdoor.Farfli.rc – GKPTVBNRIOXG.EXE Created files: %SYSTEMDRIVE%\USERS\RECOVERY+PWJQW.PNG %SYSTEMDRIVE%\USERS\RECOVERY+PWJQW.TXT %WINDIR%\GKPTVBNRIOXG.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\TLNCGPATKRRM: “%SYSDIR%\CMD.EXE /C START “” “%WINDIR%\GKPTVBNRIOXG.EXE”” Detected by UnHackMe: GKPTVBNRIOXG.EXE Default location: %WinDir%\GKPTVBNRIOXG.EXE Dropper hash(md5): 12188893da9108936cef31a869ec7d33 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

backdoor.win32.fynloski.a

backdoor.win32.fynloski.a also known as TROJ_GE.DD3F2359, Win32.Trojan.WisdomEyes.16070401.9500.9608, Unwanted-Program ( 004ccfb01 ). Malware Analysis of backdoor.win32.fynloski.a – DINGOLOADERNEW.EXE Created files: %TEMP%\RARSFX0\DSQLOADER.EXE %TEMP%\RARSFX0\JLIBRARY.DLL %PROFILE%\DESKTOP\DINGOLOADERNEW.EXE %SYSTEMDRIVE%\H.TXT Detected by UnHackMe: DINGOLOADERNEW.EXE DEFAULT LOCATION: %PROFILE%\DESKTOP\DINGOLOADERNEW.EXE Dropper hash(md5): 0b78e260b76f588868de90f46e2df8ac UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Backdoor.Farfli!1.64B3-V9yiVx0aq2V (cloud)

Backdoor.Farfli!1.64B3-V9yiVx0aq2V (cloud) also known as Gen:Variant.Zusy.211679, Trojan.Win32.Redosdru, W32/Fusing.BB!tr. Malware Analysis of Backdoor.Farfli!1.64B3-V9yiVx0aq2V (cloud) – EKAOYWI.EXE Created files: %Program Files%\Microsoft Fggjje\Ekaoywi.exe Autostart registry keys: HKLM\System\CurrentControlSet\services\Wskmuu uasdsadascqakiys\ImagePath: “%Program Files%\Microsoft Fggjje\Ekaoywi.exe” HKLM\System\CurrentControlSet\services\Wskmuu uasdsadascqakiys\DisplayName: “Vahyqj yasdasczende” Detected by UnHackMe: EKAOYWI.EXE Default location: %PROGRAM FILES%\MICROSOFT FGGJJE\EKAOYWI.EXE Dropper hash(md5): 0df052366e76a006afcc3a547142ccd7 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with…

Backdoor.Win32.Farfli.anym

Backdoor.Win32.Farfli.anym also known as Gen:Variant.Zusy.211679, Gen.Variant.Zusy!c, Gen:Variant.Zusy.211679. Malware Analysis of Backdoor.Win32.Farfli.anym – EKAOYWI.EXE Created files: %Program Files%\Microsoft Fggjje\Ekaoywi.exe Autostart registry keys: HKLM\System\CurrentControlSet\services\Wskmuu uasdsadascqakiys\ImagePath: “%Program Files%\Microsoft Fggjje\Ekaoywi.exe” HKLM\System\CurrentControlSet\services\Wskmuu uasdsadascqakiys\DisplayName: “Vahyqj yasdasczende” Detected by UnHackMe: EKAOYWI.EXE Default location: %PROGRAM FILES%\MICROSOFT FGGJJE\EKAOYWI.EXE Dropper hash(md5): 0df052366e76a006afcc3a547142ccd7 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus…

Backdoor/Win32.Farfli.N2155411846

Backdoor/Win32.Farfli.N2155411846 also known as W32/Fusing.BB!tr, Gen:Variant.Zusy.211679 (B), W32/Trojan.OPNK-0273. Malware Analysis of Backdoor/Win32.Farfli.N2155411846 – EKAOYWI.EXE Created files: %Program Files%\Microsoft Fggjje\Ekaoywi.exe Autostart registry keys: HKLM\System\CurrentControlSet\services\Wskmuu uasdsadascqakiys\ImagePath: “%Program Files%\Microsoft Fggjje\Ekaoywi.exe” HKLM\System\CurrentControlSet\services\Wskmuu uasdsadascqakiys\DisplayName: “Vahyqj yasdasczende” Detected by UnHackMe: EKAOYWI.EXE Default location: %PROGRAM FILES%\MICROSOFT FGGJJE\EKAOYWI.EXE Dropper hash(md5): 0df052366e76a006afcc3a547142ccd7 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most…

Backdoor.Krap.Win32.12815

Backdoor.Krap.Win32.12815 also known as PUA.Win32.OutBrowse.BP, RiskWare[Downloader]/NSIS.OutBrowse.by, Trojan.OutBrowse.59. Malware Analysis of Backdoor.Krap.Win32.12815 – IIX.DLL Created files: %TEMP%\WER6DE0.TMP.MDMP %TEMP%\BCCJCABECBBGB.EXE %TEMP%\NSJE252.TMP\IIX.DLL %TEMP%\NSJE252.TMP\NSISUNZ.DLL %TEMP%\WER2F96.TMP.WERINTERNALMETADATA.XML Detected by UnHackMe: IIX.DLL DEFAULT LOCATION: %TEMP%\NSJE252.TMP\IIX.DLL Dropper hash(md5): 1788fda814411afa1a81b28c65aac05d UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

backdoor.msil.bladabindi.b

backdoor.msil.bladabindi.b also known as Trojan.Win32.Generic!BT, Trojan ( 004da79d1 ). Malware Analysis of backdoor.msil.bladabindi.b – 368FC7F563096AD51849F0D2C298FC08.EXE Created files: %PROFILE%\IDH DO WINDOWS.EXE %SYSDIR%\TASKS\ADOBE %STARTUP%\368FC7F563096AD51849F0D2C298FC08.EXE %STARTUP%\SKYPE.LNK %APPDATA%\SKYPE.EXE Autostart registry keys: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\368FC7F563096AD51849F0D2C298FC08: “”%APPDATA%\SKYPE.EXE” ..” Detected by UnHackMe: 368FC7F563096AD51849F0D2C298FC08.EXE DEFAULT LOCATION: %STARTUP%\368FC7F563096AD51849F0D2C298FC08.EXE Dropper hash(md5): 122a06f20fb0c7b5085f574ce3b90e36 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…

BehavesLike.Win32.Backdoor.tt

BehavesLike.Win32.Backdoor.tt also known as Gen:Variant.MSIL.Mensa.2, Generic Malware, Win32.Trojan.Generic.Eoi. Malware Analysis of BehavesLike.Win32.Backdoor.tt – INTELPROCESS.EXE Created files: %Program Files%\IntelFold\IntelProcess.exe %TEMP%\SVHOST.EXE %APPDATA%\INT\GUARD\1 Detected by UnHackMe: INTELPROCESS.EXE Default location: %PROGRAM FILES%\INTELFOLD\INTELPROCESS.EXE Dropper hash(md5): 0754fec922152cb567e37673832c37e6 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Backdoor.Androm!dZ8GgRthnHY

Backdoor.Androm!dZ8GgRthnHY also known as Win32.Backdoor.Androm.Eacv, Ransom.TorrentLocker, Malware.Heuristic!ET-dZOd8125Y2H (cloud). Malware Analysis of Backdoor.Androm!dZ8GgRthnHY – FZETEQIQ.EXE Created files: %COMMON APPDATA%\UJAPIXYNAWOZEBUR\ANEKIVEB %COMMON APPDATA%\UJAPIXYNAWOZEBUR\ODEKULEB %COMMON APPDATA%\UJAPIXYNAWOZEBUR\YNEKAPEB %WINDIR%\FZETEQIQ.EXE Autostart registry keys: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\HDOSOVBT: “”%WINDIR%\FZETEQIQ.EXE”” Detected by UnHackMe: FZETEQIQ.EXE Default location: %WinDir%\FZETEQIQ.EXE Dropper hash(md5): f149ef9d29f2bb2cde4a2b7e1dcbaa19 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Backdoor.Androm.Win32.37110

Backdoor.Androm.Win32.37110 also known as Trojan.GenericKD.3544409, Trojan ( 004e24c81 ), Trojan.Win32.Generic!BT. Malware Analysis of Backdoor.Androm.Win32.37110 – FZETEQIQ.EXE Created files: %COMMON APPDATA%\UJAPIXYNAWOZEBUR\ANEKIVEB %COMMON APPDATA%\UJAPIXYNAWOZEBUR\ODEKULEB %COMMON APPDATA%\UJAPIXYNAWOZEBUR\YNEKAPEB %WINDIR%\FZETEQIQ.EXE Autostart registry keys: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\HDOSOVBT: “”%WINDIR%\FZETEQIQ.EXE”” Detected by UnHackMe: FZETEQIQ.EXE Default location: %WinDir%\FZETEQIQ.EXE Dropper hash(md5): f149ef9d29f2bb2cde4a2b7e1dcbaa19 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…

Win32.Backdoor.Androm.Eacv

Win32.Backdoor.Androm.Eacv also known as Trojan.PWS.Siggen1.57404, Trojan.GenericKD.3544409, W32/Trojan.FMKM-0666. Malware Analysis of Win32.Backdoor.Androm.Eacv – FZETEQIQ.EXE Created files: %COMMON APPDATA%\UJAPIXYNAWOZEBUR\ANEKIVEB %COMMON APPDATA%\UJAPIXYNAWOZEBUR\ODEKULEB %COMMON APPDATA%\UJAPIXYNAWOZEBUR\YNEKAPEB %WINDIR%\FZETEQIQ.EXE Autostart registry keys: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\HDOSOVBT: “”%WINDIR%\FZETEQIQ.EXE”” Detected by UnHackMe: FZETEQIQ.EXE Default location: %WinDir%\FZETEQIQ.EXE Dropper hash(md5): f149ef9d29f2bb2cde4a2b7e1dcbaa19 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Backdoor.Androm.knh

Backdoor.Androm.knh also known as Trojan.Win32.Filecoder, Trojan.GenericKD.3544409, Trojan/Win32.Teerac.C1663980. Malware Analysis of Backdoor.Androm.knh – FZETEQIQ.EXE Created files: %COMMON APPDATA%\UJAPIXYNAWOZEBUR\ANEKIVEB %COMMON APPDATA%\UJAPIXYNAWOZEBUR\ODEKULEB %COMMON APPDATA%\UJAPIXYNAWOZEBUR\YNEKAPEB %WINDIR%\FZETEQIQ.EXE Autostart registry keys: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\HDOSOVBT: “”%WINDIR%\FZETEQIQ.EXE”” Detected by UnHackMe: FZETEQIQ.EXE Default location: %WinDir%\FZETEQIQ.EXE Dropper hash(md5): f149ef9d29f2bb2cde4a2b7e1dcbaa19 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Backdoor/Delf.yvd

Malware Analysis of Backdoor/Delf.yvd – AMULEGUI.EXE Created files: %Program Files%\aMule\amulecmd.exe %Program Files%\aMule\amuled.exe %Program Files%\aMule\amulegui.exe %Program Files%\aMule\amuleweb.exe %Program Files%\aMule\docs\amulesig.txt Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\aMule\DisplayName: “aMule” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\aMule\UninstallString: “%Program Files%\aMule\uninstall.exe” Detected by UnHackMe: AMULEGUI.EXE Default location: %PROGRAM FILES%\AMULE\AMULEGUI.EXE Dropper hash(md5): db283a14afb2ee1548e29346ad0d8490 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Backdoor.PePatch.Win32.69512

Backdoor.PePatch.Win32.69512 also known as Trojan.Crossrider.3, Malware.Generic!NYXAcnr68hQ@5 (thunder), Skodna.Generic.AOQ. Malware Analysis of Backdoor.PePatch.Win32.69512 – 1QFQFTB.EXE Created files: %APPDATA%\MOZILLA\FIREFOX\PROFILES\RPORE73W.DEFAULT\EXTENSIONS\STAGED\IODZF.20ZW@IUCTHOZ-QZBUE.NET\INSTALL.RDF %COMMON APPDATA%\DOWUNLOAD KAEEPER\1QFQFTB.DAT %COMMON APPDATA%\DOWUNLOAD KAEEPER\1QFQFTB.EXE %COMMON APPDATA%\DOWUNLOAD KAEEPER\VAJIKD.DAT %COMMON APPDATA%\DOWUNLOAD KAEEPER\VAJIKD.DLL Detected by UnHackMe: 1QFQFTB.EXE DEFAULT LOCATION: %COMMON APPDATA%\DOWUNLOAD KAEEPER\1QFQFTB.EXE Dropper hash(md5): 8dbfb344ad5094d0399df0bb5e18bb0d UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software.…

Backdoor.Win32.Vawtrak

Backdoor.Win32.Vawtrak also known as Trojan.Papras.Win32.5830, BKDR_VAWTRAK.YUYKA. Malware Analysis of Backdoor.Win32.Vawtrak – ZEYYUF.EXE Created files: %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\3F7E3768-2F04-4297-8B62-2495E0CD7802 %APPDATA%\KOVIXKO\ZEYYUF.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\{8FF7BE64-CD01-4582-90DB-5CD077DD47CE}: “”%APPDATA%\KOVIXKO\ZEYYUF.EXE”” Detected by UnHackMe: ZEYYUF.EXE DEFAULT LOCATION: %APPDATA%\KOVIXKO\ZEYYUF.EXE Dropper hash(md5): a7c3ae050fce663499f78bcfeea59399 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Backdoor.Win32.NetWiredRC.cvk

Backdoor.Win32.NetWiredRC.cvk also known as TR/Spy.Gen, Trojan/Win32.SGeneric, Multi:Wirenet-B [Trj]. Malware Analysis of Backdoor.Win32.NetWiredRC.cvk – OKW.EXE Created files: %Program Files%\Google\Chrome\Application\54.0.2840.99\WidevineCdm\_platform_specific\win_x86\widevinecdm.dll %Program Files%\Google\Chrome\Application\54.0.2840.99\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll %TEMP%\RARSFX1\OKW.EXE %APPDATA%\INSTALL\.IDENTIFIER %APPDATA%\INSTALL\EXCELS.EXE Autostart registry keys: HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{LALB6O80-5YP7-BJK8-IG35-420CF284BJ7D}\STUBPATH: “”%APPDATA%\INSTALL\EXCELS.EXE”” Detected by UnHackMe: OKW.EXE DEFAULT LOCATION: %TEMP%\RARSFX1\OKW.EXE Dropper hash(md5): f3de1acbf1171abdb10a3d8b37cc3661 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…

Backdoor:Win32/Vawtrak.E

Backdoor:Win32/Vawtrak.E also known as Malware.XPACK-HIE/Heur!1.9C48-TkldmLNfbTD (Cloud), Trojan.Generic.D34C15C, Win32:Malware-gen. Malware Analysis of Backdoor:Win32/Vawtrak.E – ZEYYUF.EXE Created files: %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\3F7E3768-2F04-4297-8B62-2495E0CD7802 %APPDATA%\KOVIXKO\ZEYYUF.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\{8FF7BE64-CD01-4582-90DB-5CD077DD47CE}: “”%APPDATA%\KOVIXKO\ZEYYUF.EXE”” Detected by UnHackMe: ZEYYUF.EXE DEFAULT LOCATION: %APPDATA%\KOVIXKO\ZEYYUF.EXE Dropper hash(md5): a7c3ae050fce663499f78bcfeea59399 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

BackDoor.Wirenet.167

BackDoor.Wirenet.167 also known as Backdoor.Bot, W32/Heuristic-171!Eldorado, QVM20.1.Malware.Gen. Malware Analysis of BackDoor.Wirenet.167 – OKW.EXE Created files: %Program Files%\Google\Chrome\Application\54.0.2840.99\WidevineCdm\_platform_specific\win_x86\widevinecdm.dll %Program Files%\Google\Chrome\Application\54.0.2840.99\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll %TEMP%\RARSFX1\OKW.EXE %APPDATA%\INSTALL\.IDENTIFIER %APPDATA%\INSTALL\EXCELS.EXE Autostart registry keys: HKLM\SOFTWARE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS\{LALB6O80-5YP7-BJK8-IG35-420CF284BJ7D}\STUBPATH: “”%APPDATA%\INSTALL\EXCELS.EXE”” Detected by UnHackMe: OKW.EXE DEFAULT LOCATION: %TEMP%\RARSFX1\OKW.EXE Dropper hash(md5): f3de1acbf1171abdb10a3d8b37cc3661 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…

Backdoor.Vawtrak

Backdoor.Vawtrak also known as W32/Malicious_Behavior.VEX, Trojan.GenericKD.3457372, Trojan.PWS.Papras.2282. Malware Analysis of Backdoor.Vawtrak – ZEYYUF.EXE Created files: %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\3F7E3768-2F04-4297-8B62-2495E0CD7802 %APPDATA%\KOVIXKO\ZEYYUF.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\{8FF7BE64-CD01-4582-90DB-5CD077DD47CE}: “”%APPDATA%\KOVIXKO\ZEYYUF.EXE”” Detected by UnHackMe: ZEYYUF.EXE DEFAULT LOCATION: %APPDATA%\KOVIXKO\ZEYYUF.EXE Dropper hash(md5): a7c3ae050fce663499f78bcfeea59399 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

BackDoor-FDGQ!A72ABA27511B

BackDoor-FDGQ!A72ABA27511B also known as Gen:Variant.Symmi.7107, Dropper.Dapato.Win32.28612, Troj.W32.Generic!c. Malware Analysis of BackDoor-FDGQ!A72ABA27511B – UPDATECHROME.EXE Created files: %APPDATA%\UPDATECHROME.EXE Autostart registry keys: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\UpdateChrome.exe: “” Detected by UnHackMe: UPDATECHROME.EXE DEFAULT LOCATION: %APPDATA%\UPDATECHROME.EXE Dropper hash(md5): a72aba27511b7b323b3f3734b31034f6 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Backdoor/Win32.Farfli.R119148

Backdoor/Win32.Farfli.R119148 also known as Win32:Malware-gen, RDN/Generic Dropper, Trojan.Win32.Staser.anbya. Malware Analysis of Backdoor/Win32.Farfli.R119148 – SYSEDMT.EXE Created files: %WINDIR%\TEMP\CR_32CBE.TMP\SETUP.EXE %WINDIR%\TEMP\CR_32CBE.TMP\SETUP_PATCH.PACKED.7Z %WINDIR%\SYSEDMT.EXE Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KILLALLQFS WEB SERVICE\IMAGEPATH: “%WINDIR%\SYSEDMT.EXE” HKLM\System\CurrentControlSet\services\KillAllqfs web Service\DisplayName: “WebSystemkye” Detected by UnHackMe: SYSEDMT.EXE Default location: %WinDir%\SYSEDMT.EXE Dropper hash(md5): 8587e9fadb229819a3d173f06a157781 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…

Backdoor.Ramnit.Win32.1981

Backdoor.Ramnit.Win32.1981 also known as Virus.Gen!c. Malware Analysis of Backdoor.Ramnit.Win32.1981 – FILEUPLOAD.EXE Created files: %APPDATA%\BAIDU\BAIDUYUNGUANJIA\DUIENGINE LICENSE.TXT %APPDATA%\BAIDU\BAIDUYUNGUANJIA\EXIV2.DLL %APPDATA%\BAIDU\BAIDUYUNGUANJIA\FILEUPLOAD.EXE %APPDATA%\BAIDU\BAIDUYUNGUANJIA\GUANJIA_LOGO.ICO %APPDATA%\BAIDU\BAIDUYUNGUANJIA\HELPUTILITY.EXE Detected by UnHackMe: FILEUPLOAD.EXE DEFAULT LOCATION: %APPDATA%\BAIDU\BAIDUYUNGUANJIA\FILEUPLOAD.EXE Dropper hash(md5): a7e3b1a5bc39610a236dcefc0d01c77e UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…

Win32/Backdoor.709

Win32/Backdoor.709 also known as Trojan.Win32.Generic!BT, Trj/GdSda.A, Trojan.Win32.Z.Symmi.625664.AK[h]. Malware Analysis of Win32/Backdoor.709 – UPDATECHROME.EXE Created files: %APPDATA%\UPDATECHROME.EXE Autostart registry keys: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\UpdateChrome.exe: “” Detected by UnHackMe: UPDATECHROME.EXE DEFAULT LOCATION: %APPDATA%\UPDATECHROME.EXE Dropper hash(md5): a72aba27511b7b323b3f3734b31034f6 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Backdoor.Ramnit.Win32.3487

Malware Analysis of Backdoor.Ramnit.Win32.3487 – EXIV2.DLL Created files: %APPDATA%\BAIDU\BAIDUYUNGUANJIA\CROSSDOMAIN.XML %APPDATA%\BAIDU\BAIDUYUNGUANJIA\DUIENGINE LICENSE.TXT %APPDATA%\BAIDU\BAIDUYUNGUANJIA\EXIV2.DLL %APPDATA%\BAIDU\BAIDUYUNGUANJIA\FILEUPLOAD.EXE %APPDATA%\BAIDU\BAIDUYUNGUANJIA\GUANJIA_LOGO.ICO Detected by UnHackMe: EXIV2.DLL DEFAULT LOCATION: %APPDATA%\BAIDU\BAIDUYUNGUANJIA\EXIV2.DLL Dropper hash(md5): a7e3b1a5bc39610a236dcefc0d01c77e UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware,…

Backdoor.W32.Kasidet.mwlW

Backdoor.W32.Kasidet.mwlW also known as Trojan.Agent.BQTE (B), Ransom:Win32/Tescrypt.D, Trojan.Agent.BQTE. Malware Analysis of Backdoor.W32.Kasidet.mwlW – FVPUXOMRFNIS.EXE Created files: %WINDIR%\TEMP\CR_99CA3.TMP\SETUP_PATCH.PACKED.7Z %WINDIR%\TEMP\D180.TMP %WINDIR%\FVPUXOMRFNIS.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\VEEGAASSCQSR: “%SYSDIR%\CMD.EXE /C START “” “%WINDIR%\FVPUXOMRFNIS.EXE”” Detected by UnHackMe: FVPUXOMRFNIS.EXE Default location: %WinDir%\FVPUXOMRFNIS.EXE Dropper hash(md5): a960e01ec74de72f00dce96480fde382 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Heur:Backdoor/Delf

Heur:Backdoor/Delf also known as TROJ_GEN.R047C0FGN16, Trojan.Win32.Z.Symmi.625664.AK[h], Win32.Trojan.Spy.Lkxe. Malware Analysis of Heur:Backdoor/Delf – UPDATECHROME.EXE Created files: %APPDATA%\UPDATECHROME.EXE Autostart registry keys: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\UpdateChrome.exe: “” Detected by UnHackMe: UPDATECHROME.EXE DEFAULT LOCATION: %APPDATA%\UPDATECHROME.EXE Dropper hash(md5): a72aba27511b7b323b3f3734b31034f6 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Win32.Backdoor.Androm.Ehho

Win32.Backdoor.Androm.Ehho also known as Backdoor/Win32.Androm.N2120426947, Backdoor.Win32.Androm.kxzd, Trojan.DownLoader14.35508. Malware Analysis of Win32.Backdoor.Androm.Ehho – RYJRVOLP.EXE Created files: %APPDATA%\PICS.RAR %APPDATA%\QILXZCTHB\RYJRVOLP.EXE Autostart registry keys: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\RYJRVOLP: “”%APPDATA%\QILXZCTHB\RYJRVOLP.EXE”” Detected by UnHackMe: RYJRVOLP.EXE DEFAULT LOCATION: %APPDATA%\QILXZCTHB\RYJRVOLP.EXE Dropper hash(md5): fbd01573c5f69e8be7e80123f8646fef UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…
