Category Archives: Backdoor

Backdoor.Win32.Androm.kxzd

Backdoor.Win32.Androm.kxzd is also known as TROJ_GEN.R072C0DJ516, Trojan[Backdoor]/Win32.Androm, Gen:Variant.MSILPerseus.54778.
Malware Analysis of Backdoor.Win32.Androm.kxzd – RYJRVOLP.EXE
Created files:
  %APPDATA%\PICS.RAR
  %APPDATA%\QILXZCTHB\RYJRVOLP.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\RYJRVOLP: “”%APPDATA%\QILXZCTHB\RYJRVOLP.EXE””
Detected by UnHackMe: RYJRVOLP.EXE
Default location: %APPDATA%\QILXZCTHB\RYJRVOLP.EXE
Dropper hash (md5): fbd01573c5f69e8be7e80123f8646fef
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…


Win32/Backdoor.a87

Win32/Backdoor.a87 is also known as Win32:Trojan-gen, Backdoor.W32.Androm!c, Gen:Variant.MSILPerseus.54778.
Malware Analysis of Win32/Backdoor.a87 – RYJRVOLP.EXE
Created files:
  %APPDATA%\PICS.RAR
  %APPDATA%\QILXZCTHB\RYJRVOLP.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\RYJRVOLP: “”%APPDATA%\QILXZCTHB\RYJRVOLP.EXE””
Detected by UnHackMe: RYJRVOLP.EXE
Default location: %APPDATA%\QILXZCTHB\RYJRVOLP.EXE
Dropper hash (md5): fbd01573c5f69e8be7e80123f8646fef


Backdoor/Win32.Androm.N2120426947

Backdoor/Win32.Androm.N2120426947 is also known as Generic Suspicious, Gen:Variant.MSILPerseus.54778, Trojan[Backdoor]/Win32.Androm.
Malware Analysis of Backdoor/Win32.Androm.N2120426947 – RYJRVOLP.EXE
Created files:
  %APPDATA%\PICS.RAR
  %APPDATA%\QILXZCTHB\RYJRVOLP.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\RYJRVOLP: “”%APPDATA%\QILXZCTHB\RYJRVOLP.EXE””
Detected by UnHackMe: RYJRVOLP.EXE
Default location: %APPDATA%\QILXZCTHB\RYJRVOLP.EXE
Dropper hash (md5): fbd01573c5f69e8be7e80123f8646fef


Backdoor.Win32.Pony.Gen.A[h]

Backdoor.Win32.Pony.Gen.A[h] is also known as TSPY_FAREIT.SMJR1, a variant of Win32/PSW.Fareit.A, Gen:Variant.Razy.36607 (B).
Malware Analysis of Backdoor.Win32.Pony.Gen.A[h] – FB_7759.TMP.EXE
Created files:
  %PROFILE%\DOCUMENTS\NEW TEXT DOCUMENT.TXT
  %TEMP%\FB_7759.TMP
  %TEMP%\FB_7759.TMP.EXE
  %TEMP%\FB_7825.TMP
  %TEMP%\FB_7825.TMP.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\APPLICATION: “%APPDATA%\SAPP.EXE”
Detected by UnHackMe: FB_7759.TMP.EXE
Default location: %TEMP%\FB_7759.TMP.EXE
Dropper hash (md5): ec2e0ab5d95fac7a8624bcb85e3895a6


BDS/Backdoor.qhwuy

BDS/Backdoor.qhwuy is also known as W32/Dodiw.A.gen!Eldorado, Trojan.Agent.Win32.563698, Trj/Genetic.gen.
Malware Analysis of BDS/Backdoor.qhwuy – SOUND.EXE.EXE
Created files:
  %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\VIDEO DRIVER: “%COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE”
Detected by UnHackMe: SOUND.EXE.EXE
Default location: %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Dropper hash (md5): 8c126f4c8d05d301ee76316454350f02


Backdoor.Dodiw

Backdoor.Dodiw is also known as Gen:Variant.Downloader.212, Gen:Variant.Downloader.212, Trojan.Agent/Gen-Malagent.
Malware Analysis of Backdoor.Dodiw – SOUND.EXE.EXE
Created files:
  %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\VIDEO DRIVER: “%COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE”
Detected by UnHackMe: SOUND.EXE.EXE
Default location: %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Dropper hash (md5): 8c126f4c8d05d301ee76316454350f02


Backdoor:Win32/Dodiw.A

Backdoor:Win32/Dodiw.A is also known as BehavesLike.Win32.Trojan.fc, Gen:Variant.Downloader.212, Trojan.Win32.Agent.794624.L[UPX][h].
Malware Analysis of Backdoor:Win32/Dodiw.A – SOUND.EXE.EXE
Created files:
  %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\VIDEO DRIVER: “%COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE”
Detected by UnHackMe: SOUND.EXE.EXE
Default location: %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Dropper hash (md5): 8c126f4c8d05d301ee76316454350f02


Backdoor.Bladabindi

Backdoor.Bladabindi is also known as Gen:Variant.Kazy.795755, Generic.amv, Gen:Variant.Kazy.795755.
Malware Analysis of Backdoor.Bladabindi – E1226FE0A2936A7303437B84CE1B3DDC.EXE
Created files:
  %TEMP%\SYSTEM.EXE
  %STARTUP%\E1226FE0A2936A7303437B84CE1B3DDC.EXE
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\E1226FE0A2936A7303437B84CE1B3DDC: “”%TEMP%\SYSTEM.EXE” ..”
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\E1226FE0A2936A7303437B84CE1B3DDC: “”%TEMP%\SYSTEM.EXE” ..”
Detected by UnHackMe: E1226FE0A2936A7303437B84CE1B3DDC.EXE
Default location: %STARTUP%\E1226FE0A2936A7303437B84CE1B3DDC.EXE
Dropper hash (md5): 84038dc4886e3113de909d0458149f7c


Backdoor/Win32.Dodiw.N2120512995

Backdoor/Win32.Dodiw.N2120512995 is also known as Trojan/Win32.SGeneric, Win32.Trojan.WisdomEyes.16070401.9500.9670, SMG.Heur!gen.
Malware Analysis of Backdoor/Win32.Dodiw.N2120512995 – SOUND.EXE.EXE
Created files:
  %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\VIDEO DRIVER: “%COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE”
Detected by UnHackMe: SOUND.EXE.EXE
Default location: %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Dropper hash (md5): 8c126f4c8d05d301ee76316454350f02


BackDoor.Bladabindi.13678

BackDoor.Bladabindi.13678 is also known as Trojan.Zapchast!OfEgOU34oy0, Trojan.Kazy.DC246B, W32/S-9c2e0bba!Eldorado.
Malware Analysis of BackDoor.Bladabindi.13678 – E1226FE0A2936A7303437B84CE1B3DDC.EXE
Created files:
  %TEMP%\SYSTEM.EXE
  %STARTUP%\E1226FE0A2936A7303437B84CE1B3DDC.EXE
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\E1226FE0A2936A7303437B84CE1B3DDC: “”%TEMP%\SYSTEM.EXE” ..”
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\E1226FE0A2936A7303437B84CE1B3DDC: “”%TEMP%\SYSTEM.EXE” ..”
Detected by UnHackMe: E1226FE0A2936A7303437B84CE1B3DDC.EXE
Default location: %STARTUP%\E1226FE0A2936A7303437B84CE1B3DDC.EXE
Dropper hash (md5): 84038dc4886e3113de909d0458149f7c


Backdoor.Dodiw!8.60C-7MoPpMx5lFD (cloud)

Backdoor.Dodiw!8.60C-7MoPpMx5lFD (cloud) is also known as Trojan.Stealer.ORM, Gen:Variant.Downloader.212, Win32/Spy.Agent.OSD.
Malware Analysis of Backdoor.Dodiw!8.60C-7MoPpMx5lFD (cloud) – SOUND.EXE.EXE
Created files:
  %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\VIDEO DRIVER: “%COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE”
Detected by UnHackMe: SOUND.EXE.EXE
Default location: %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Dropper hash (md5): 8c126f4c8d05d301ee76316454350f02


Backdoor.Win32.Dodiw

Backdoor.Win32.Dodiw is also known as Trojan.Win32.Generic!BT, Win32:Evo-gen [Susp], Gen:Variant.Downloader.212.
Malware Analysis of Backdoor.Win32.Dodiw – SOUND.EXE.EXE
Created files:
  %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Autostart registry keys:
  HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\VIDEO DRIVER: “%COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE”
Detected by UnHackMe: SOUND.EXE.EXE
Default location: %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Dropper hash (md5): 8c126f4c8d05d301ee76316454350f02


BehavesLike.Win32.BackdoorNJRat.nm

BehavesLike.Win32.BackdoorNJRat.nm is also known as TROJ_SPNR.0BAR14, trojan.win32.skeeyah.a!rfn.
Malware Analysis of BehavesLike.Win32.BackdoorNJRat.nm – YBVYIHBHPKMRQZ.EXE
Created files:
  %TEMP%\AB544879-73B6-492B-9656-30B4839A724E0\PARENT.TXT
  %TEMP%\PARENT.TXT
  %TEMP%\YBVYIHBHPKMRQZ.EXE
  %TEMP%\YBVYIHBHPKMRQZ.EXE.CONFIG
Detected by UnHackMe: YBVYIHBHPKMRQZ.EXE
Default location: %TEMP%\YBVYIHBHPKMRQZ.EXE
Dropper hash (md5): 43ef000498858840ec1571283f399a33


Backdoor.Androm.kot

Backdoor.Androm.kot is also known as Trojan.Win32.Generic.pak!cobra, Backdoor.Androm!Y36z1Wb9v3c, Trojan.PWS.Siggen1.57800.
Malware Analysis of Backdoor.Androm.kot – USYVTWUJ.EXE
Created files:
  %COMMON APPDATA%\ENEWECUTIBYGALIF\AWYWUDYT
  %COMMON APPDATA%\ENEWECUTIBYGALIF\EWYWIDYT
  %COMMON APPDATA%\ENEWECUTIBYGALIF\UHYWYNYT
  %WINDIR%\USYVTWUJ.EXE
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OQOFIKOX: “”%WINDIR%\USYVTWUJ.EXE””
Detected by UnHackMe: USYVTWUJ.EXE
Default location: %WinDir%\USYVTWUJ.EXE
Dropper hash (md5): fc38b33ebd8d08361eb4c0258bc772ce


backdoor.win32.turkojan.ai

backdoor.win32.turkojan.ai is also known as Mal_Xed-7, NetWorm ( 700000151 ), W32/Trojan.YXGX-5409.
Malware Analysis of backdoor.win32.turkojan.ai – XCASDF.EXE
Created files:
  %WINDIR%\LOCK.LOG
  %WINDIR%\SYS.DAT
  %WINDIR%\XCASDF.EXE
  %WINDIR%\XDRQ\5.165.168.169.INI
  %WINDIR%\XDRQ\EXIEAGL.EXE
Detected by UnHackMe: XCASDF.EXE
Default location: %WinDir%\XCASDF.EXE
Dropper hash (md5): c7ba62fb36de185c96e2638e57b15d51


Backdoor.Androm!Y36z1Wb9v3c

Backdoor.Androm!Y36z1Wb9v3c is also known as Artemis!FC38B33EBD8D, Ransom_r.AMB, Win32/Filecoder.TorrentLocker.A.
Malware Analysis of Backdoor.Androm!Y36z1Wb9v3c – USYVTWUJ.EXE
Created files:
  %COMMON APPDATA%\ENEWECUTIBYGALIF\AWYWUDYT
  %COMMON APPDATA%\ENEWECUTIBYGALIF\EWYWIDYT
  %COMMON APPDATA%\ENEWECUTIBYGALIF\UHYWYNYT
  %WINDIR%\USYVTWUJ.EXE
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OQOFIKOX: “”%WINDIR%\USYVTWUJ.EXE””
Detected by UnHackMe: USYVTWUJ.EXE
Default location: %WinDir%\USYVTWUJ.EXE
Dropper hash (md5): fc38b33ebd8d08361eb4c0258bc772ce


Backdoor.Win32.Androm.lbit

Backdoor.Win32.Androm.lbit is also known as BehavesLike.Win32.MysticCompressor.jh, Trojan.Win32.Cryptohasyou.673280[h], Ransom:Win32/Ranscrape.
Malware Analysis of Backdoor.Win32.Androm.lbit – USYVTWUJ.EXE
Created files:
  %COMMON APPDATA%\ENEWECUTIBYGALIF\AWYWUDYT
  %COMMON APPDATA%\ENEWECUTIBYGALIF\EWYWIDYT
  %COMMON APPDATA%\ENEWECUTIBYGALIF\UHYWYNYT
  %WINDIR%\USYVTWUJ.EXE
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OQOFIKOX: “”%WINDIR%\USYVTWUJ.EXE””
Detected by UnHackMe: USYVTWUJ.EXE
Default location: %WinDir%\USYVTWUJ.EXE
Dropper hash (md5): fc38b33ebd8d08361eb4c0258bc772ce


Backdoor.Win32.Androm.lbeo

Backdoor.Win32.Androm.lbeo is also known as Trojan.Win32.Generic!BT, RDN/Generic BackDoor, Trojan.Injector!yQHXrrBLvyc.
Malware Analysis of Backdoor.Win32.Androm.lbeo – YFTMAGYP.EXE
Created files:
  %WINDIR%\TEMP\TMP00000001A1D700F436CEA8A8
  %WINDIR%\TEMP\TMP000000029ED7BC6AE257B37A
  %WINDIR%\YFTMAGYP.EXE
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\KZUBYVOL: “”%WINDIR%\YFTMAGYP.EXE””
Detected by UnHackMe: YFTMAGYP.EXE
Default location: %WinDir%\YFTMAGYP.EXE
Dropper hash (md5): 5aad5919646150cd8bf26adadb678268


Win32.Backdoor.Androm.Edxg

Win32.Backdoor.Androm.Edxg is also known as Troj/Ransom-DUQ, Trojan.GenericKD.3577058, Ransom.TorrentLocker.
Malware Analysis of Win32.Backdoor.Androm.Edxg – USYVTWUJ.EXE
Created files:
  %COMMON APPDATA%\ENEWECUTIBYGALIF\AWYWUDYT
  %COMMON APPDATA%\ENEWECUTIBYGALIF\EWYWIDYT
  %COMMON APPDATA%\ENEWECUTIBYGALIF\UHYWYNYT
  %WINDIR%\USYVTWUJ.EXE
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OQOFIKOX: “”%WINDIR%\USYVTWUJ.EXE””
Detected by UnHackMe: USYVTWUJ.EXE
Default location: %WinDir%\USYVTWUJ.EXE
Dropper hash (md5): fc38b33ebd8d08361eb4c0258bc772ce


Backdoor/Win32.Androm.N2121683272

Backdoor/Win32.Androm.N2121683272 is also known as virus.win32.sality.at, Win32:Malware-gen, Trojan.GenericKD.3573579.
Malware Analysis of Backdoor/Win32.Androm.N2121683272 – YFTMAGYP.EXE
Created files:
  %WINDIR%\TEMP\TMP00000001A1D700F436CEA8A8
  %WINDIR%\TEMP\TMP000000029ED7BC6AE257B37A
  %WINDIR%\YFTMAGYP.EXE
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\KZUBYVOL: “”%WINDIR%\YFTMAGYP.EXE””
Detected by UnHackMe: YFTMAGYP.EXE
Default location: %WinDir%\YFTMAGYP.EXE
Dropper hash (md5): 5aad5919646150cd8bf26adadb678268


Win32.Backdoor.Androm.Syin

Win32.Backdoor.Androm.Syin is also known as Trojan.Win32.Z.Injector.390637[h], Trojan ( 004f9e811 ), W32/Trojan.WYOA-6523.
Malware Analysis of Win32.Backdoor.Androm.Syin – YFTMAGYP.EXE
Created files:
  %WINDIR%\TEMP\TMP00000001A1D700F436CEA8A8
  %WINDIR%\TEMP\TMP000000029ED7BC6AE257B37A
  %WINDIR%\YFTMAGYP.EXE
Autostart registry keys:
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\KZUBYVOL: “”%WINDIR%\YFTMAGYP.EXE””
Detected by UnHackMe: YFTMAGYP.EXE
Default location: %WinDir%\YFTMAGYP.EXE
Dropper hash (md5): 5aad5919646150cd8bf26adadb678268


Backdoor.PePatch.Win32.69512

Backdoor.PePatch.Win32.69512 is also known as Trojan.Win32.Crossrider.cznobp, W32/Application.TJFP-8951, Skodna.Generic.AOQ.
Malware Analysis of Backdoor.PePatch.Win32.69512 – NRTLWZF5.EXE
Created files:
  %COMMON APPDATA%\DOWNLOAD KEEEPER\K46K7NB.TLB
  %COMMON APPDATA%\DOWNLOAD KEEEPER\NRTLWZF5.DAT
  %COMMON APPDATA%\DOWNLOAD KEEEPER\NRTLWZF5.EXE
  %SYSTEMDRIVE%\SAND-BOX\8927528780831284533.LOG
  %LOCAL APPDATA%\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IABMNBFGKNIMNNKLCLIEGBIAHPBBPMKO\1.6\BACKGROUND.HTML
Autostart registry keys:
  HKLM\SOFTWARE\CLASSES\CLSID\{EB7292CB-D76E-3262-4BAD-9F79BAD1A85C}\INPROCSERVER32\: “%COMMON APPDATA%\DOWNLOAD KEEEPER\K46K7NB.DLL”
  HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C1A27135-69EB-8D44-7358-34727DD7B820}\UNINSTALLSTRING: “”%COMMON APPDATA%\DOWNLOAD KEEEPER\NRTLWZF5.EXE” /S /N /I:”EXECUTECOMMANDS;UNINSTALLCOMMANDS” “””
  HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C1A27135-69EB-8D44-7358-34727DD7B820}\DisplayName: “Download keeeper”
Detected by UnHackMe: NRTLWZF5.EXE
Default location: %COMMON APPDATA%\DOWNLOAD KEEEPER\NRTLWZF5.EXE…


Backdoor:Win32/Protos

Backdoor:Win32/Protos is also known as Win32:Malware-gen, Trojan.Generic.D367400, TROJ_GEN.R0C1C0DIL16.
Malware Analysis of Backdoor:Win32/Protos – CMDESCTIVATE.EXE
Created files:
  %APPDATA%\7076CRYPTED.VBS
  %TEMP%\7076CRYPTED.VBS
  %TEMP%\CMDESCTIVATE.EXE
  %TEMP%\CMESINUPX.EXE
  %TEMP%\ENCRYPTADO.EXE
Detected by UnHackMe: CMDESCTIVATE.EXE
Default location: %TEMP%\CMDESCTIVATE.EXE
Dropper hash (md5): 30ce9b0274eb835528d696980dd77edd


Backdoor/DarkKomet.ibq

Backdoor/DarkKomet.ibq is also known as Riskware ( 0040eff71 ), worm.win32.vesenlosow.a, Gen:Variant.Razy.84905.
Malware Analysis of Backdoor/DarkKomet.ibq – REALPLAYER.EXE.EXE
Created files:
  %APPDATA%\MICROSOFT\CRYPTO\RSA\S-1-5-21-3826439297-2269405635-17600287-1000\699C4B9CDEBCA7AAEA5193CAE8A50098_0D4B1D18-7E83-4EF4-B78E-47045F725890
  %APPDATA%\0D4B1D18-7E83-4EF4-B78E-47045F725890\.LOCK
  %APPDATA%\0D4B1D18-7E83-4EF4-B78E-47045F725890\RUN.DAT
  %APPDATA%\REALP\REALPLAYER.EXE.EXE
Detected by UnHackMe: REALPLAYER.EXE.EXE
Default location: %APPDATA%\REALP\REALPLAYER.EXE.EXE
Dropper hash (md5): 01d5a6f1696ba30e0f60c12619665259


Backdoor/Win32.Farfli.N2059651261

Backdoor/Win32.Farfli.N2059651261 is also known as Troj/Zegost-JJ, Trojan.Win32.Redosdru, Win32:Vitro.
Malware Analysis of Backdoor/Win32.Farfli.N2059651261 – IETASK.EXE
Created files:
  %SYSDIR%\IETASK.EXE
Detected by UnHackMe: IETASK.EXE
Default location: %SYSDIR%\IETASK.EXE
Dropper hash (md5): 62f670321fe66cfb693ddafb82ed2828


Backdoor.Ramnit.Win32.1970

Backdoor.Ramnit.Win32.1970 is also known as malicious_confidence_81% (D).
Malware Analysis of Backdoor.Ramnit.Win32.1970 – IRSAPPCODEDLL.DLL
Created files:
  %APPDATA%\BAOFENGTEMP\INSTALLSHELL.DLL
  %APPDATA%\BAOFENGTEMP\INSTALLSTORMPLAYER.DLL
  %APPDATA%\BAOFENGTEMP\IRSAPPCODEDLL.DLL
  %APPDATA%\BAOFENGTEMP\KEYPOINT.BFRES
  %APPDATA%\BAOFENGTEMP\KEYS.DAT
Detected by UnHackMe: IRSAPPCODEDLL.DLL
Default location: %APPDATA%\BAOFENGTEMP\IRSAPPCODEDLL.DLL
Dropper hash (md5): 680ff71c9466cee119309242209433ec


Backdoor.Krap.Win32.13152

Backdoor.Krap.Win32.13152 is also known as Gen.Variant.Application.Bundler!c, Gen:Variant.Application.Bundler.Outbrowse.1.
Malware Analysis of Backdoor.Krap.Win32.13152 – SSH.DLL
Created files:
  %TEMP%\BCBICABECBCA.EXE
  %TEMP%\NST2D84.TMP\NSISUNZ.DLL
  %TEMP%\NST2D84.TMP\SSH.DLL
Detected by UnHackMe: SSH.DLL
Default location: %TEMP%\NST2D84.TMP\SSH.DLL
Dropper hash (md5): 5d7beca2f66d7c0a3f778bb05f6f0dd0


Backdoor.PePatch.Win32.91634

Backdoor.PePatch.Win32.91634 is also known as suspected of Trojan.Downloader.gen.h.
Malware Analysis of Backdoor.PePatch.Win32.91634 – BADRIVEWEBSETUP.EXE
Created files:
  %TEMP%\RARSFX0\FILES\TOOLS\ACEBITTOOLS\PSVPD5I.EXE
  %TEMP%\RARSFX0\FILES\TOOLS\PANDAACTIVESCANCLEANER\PANDACLOUDCLEANER.EXE
  %TEMP%\RARSFX0\FILES\TOOLS\REMOTEACCESS\BADRIVEWEBSETUP.EXE
  %TEMP%\RARSFX0\FILES\TPCFG.XML
  %TEMP%\RARSFX0\FILES\TPCONF.DLL
Autostart registry keys:
  HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PAVPROC\IMAGEPATH: “\??\%SYSDIR%\DRIVERS\PAVPROC.SYS”
  HKLM\System\CurrentControlSet\services\PavProc\DisplayName: “Panda Process Protection Driver”
  HKLM\System\CurrentControlSet\services\PavPrSrv\ImagePath: “”%Program Files Common%\Panda Security\PavShld\pavprsrv.exe””
  HKLM\System\CurrentControlSet\services\PavPrSrv\DisplayName: “Panda Process Protection Service”
  HKLM\System\CurrentControlSet\services\ShldDrv\Parameters\ImagePath: “System32\DRIVERS\ShlDrv51.sys”
  HKLM\System\CurrentControlSet\services\ShldDrv\ImagePath: “System32\DRIVERS\ShlDrv51.sys”
  HKLM\System\CurrentControlSet\services\ShldDrv\DisplayName: “Panda File Shield Driver”
Detected by UnHackMe: BADRIVEWEBSETUP.EXE
Default location:…


backdoor.win32.dodiw.a

backdoor.win32.dodiw.a is also known as PUP/Win32.OutBrowse.R173737, OutBrowse Revenyou (PUA), AdWare.OutBrowse.hhd.
Malware Analysis of backdoor.win32.dodiw.a – BEFIJAJBEF.EXE
Created files:
  %WINDIR%\TEMP\CR_C7DE2.TMP\SETUP.EXE
  %WINDIR%\TEMP\CR_C7DE2.TMP\SETUP_PATCH.PACKED.7Z
  %TEMP%\BEFIJAJBEF.EXE
  %TEMP%\WER45C5.TMP.APPCOMPAT.TXT
  %TEMP%\WER52E6.TMP.MDMP
Detected by UnHackMe: BEFIJAJBEF.EXE
Default location: %TEMP%\BEFIJAJBEF.EXE
Dropper hash (md5): 9ab7ad613704045e8560d00aacde3a8c


BackDoor-FATB!FC0511B7AA01

BackDoor-FATB!FC0511B7AA01 is also known as virus.win32.parite.b, Trojan.VIZ.Gen.1.
Malware Analysis of BackDoor-FATB!FC0511B7AA01 – YCVA.EXE
Created files:
  %LOCAL APPDATA%\MICROSOFT\WINDOWS MAIL\LOCAL FOLDERS\SENT ITEMS\WINMAIL.FOL
  %LOCAL APPDATA%\MICROSOFT\WINDOWS MAIL\MICROSOFT COMMUNITIES\ACCOUNT{3CC05103-59FD-466A-80E6-12486C131C6E}.OEACCOUNT
  %APPDATA%\ZYQYU\YCVA.EXE
  %WINDIR%\TEMP\CR_886F6.TMP\SETUP.EXE
  %WINDIR%\TEMP\CR_886F6.TMP\SETUP_PATCH.PACKED.7Z
Detected by UnHackMe: YCVA.EXE
Default location: %APPDATA%\ZYQYU\YCVA.EXE
Dropper hash (md5): 970db7bc9a43bb7470658c26358b85e4

