Category Archives: Downloader

not-a-virus:Downloader.Win32.InstallVibe.u

not-a-virus:Downloader.Win32.InstallVibe.u, also known as Riskware/Bundlore, Application.Win32.Agent.BUNF, WS.Reputation.1.
Malware analysis of not-a-virus:Downloader.Win32.InstallVibe.u – LIB52910.DLL
Created files:
%TEMP%\65F22184-EE3C-4992-909C-317AD129F4A3\LIB52910.DLL
%TEMP%\65F22184-EE3C-4992-909C-317AD129F4A3\LOADER.GIF
%TEMP%\65F22184-EE3C-4992-909C-317AD129F4A3\START.HTA
Detected by UnHackMe: LIB52910.DLL
Default location: %TEMP%\65F22184-EE3C-4992-909C-317AD129F4A3\LIB52910.DLL
Dropper hash (MD5): 41f55004105c13e9d35a1ecfac6d05aa
The GUID directory name under %TEMP% may differ between installs, so hunt on the file names and the MD5 rather than the full path. START.HTA is an HTML Application, which runs under mshta.exe, so the installer's activity can show up as mshta.exe process events.
UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Downloader.ALHW

Downloader.ALHW, also known as Riskware/OutBrowse, BehavesLike.Win32.CryptDoma.hh, PUA.Downloader.
Malware analysis of Downloader.ALHW – BEFIJJFFEF.EXE
Created files:
%TEMP%\BEFIJJFFEF.EXE
Detected by UnHackMe: BEFIJJFFEF.EXE
Default location: %TEMP%\BEFIJJFFEF.EXE
Dropper hash (MD5): 9ce4115360d5197a747358132bdc1687

RiskWare[Downloader]/Win32.Agent

RiskWare[Downloader]/Win32.Agent, also known as Gen:Variant.Hibye.1, Trojan.Crossrider1.40163, Generic Suspicious.
Malware analysis of RiskWare[Downloader]/Win32.Agent – VIRUSSHARE_47F96FBDF3FE22882D89EA4FFFC70736.EXE
Created files:
%COMMON APPDATA%\{306EBE8F-AFB5-5155-306E-EBE8FAFBFA3E}\VIRUSSHARE_47F96FBDF3FE22882D89EA4FFFC70736.DAT
%COMMON APPDATA%\{306EBE8F-AFB5-5155-306E-EBE8FAFBFA3E}\VIRUSSHARE_47F96FBDF3FE22882D89EA4FFFC70736.EXE
%SYSDIR%\TASKS\BIDAILY SYNCHRONIZE TASK[973B]
%WINDIR%\TASKS\BIDAILY SYNCHRONIZE TASK[973B].JOB
Detected by UnHackMe: VIRUSSHARE_47F96FBDF3FE22882D89EA4FFFC70736.EXE
Default location: %COMMON APPDATA%\{306EBE8F-AFB5-5155-306E-EBE8FAFBFA3E}\VIRUSSHARE_47F96FBDF3FE22882D89EA4FFFC70736.EXE
Dropper hash (MD5): 47f96fbdf3fe22882d89ea4fffc70736
Persistence here is a scheduled task ("BIDAILY SYNCHRONIZE TASK[973B]") rather than a Run key. The VIRUSSHARE_ prefix is the name the sample carried in the analysis set (it embeds the MD5 above), so expect a different file name on an infected host.

Downloader.AGIV

Downloader.AGIV, also known as BehavesLike.Win32.BrowseFox.hh, SScope.Adware.Outbrowse, PUP/Win32.OutBrowse.R172649.
Malware analysis of Downloader.AGIV – BEFCJBDDED.EXE
Created files:
%TEMP%\BEFCJBDDED.EXE
Detected by UnHackMe: BEFCJBDDED.EXE
Default location: %TEMP%\BEFCJBDDED.EXE
Dropper hash (MD5): cf88be877f26c198b4968a8f784bc08c

Downloader.MSIL.BRRB

Downloader.MSIL.BRRB, also known as RDN/Generic Downloader.x, TROJ_GEN.R0F0C0TKG16, W32/Trojan.SW.gen!Eldorado.
Malware analysis of Downloader.MSIL.BRRB – EXERVICE.EXE
Created files:
%SYSTEMDRIVE%\SAND-BOX\SENDREQUEST ERROR
%SYSTEMDRIVE%\EXERVICE.EXE
Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CHNGTSVC\IMAGEPATH: "%SYSTEMDRIVE%\EXERVICE.EXE HTTP://CLOUDFRONT.07DD8AEA8560D068946FC5CF2EB288C00F01D9CC.TECH/DOWNLOAD/XPACK1129_IT.1480418683.EXE"
Detected by UnHackMe: EXERVICE.EXE
Default location: %SYSTEMDRIVE%\EXERVICE.EXE
Dropper hash (MD5): d2de2c5f1d0c433ac39ad996044b1c49
The sample installs itself as a Windows service (CHNGTSVC) and passes the payload URL as a command-line argument in the service's ImagePath, so the download location can be read straight out of the registry and matched against proxy or DNS logs. %SYSTEMDRIVE%\SAND-BOX is the analysis sandbox's working directory, not a path to expect on a real host.

Downloader.DownloaderGuideCRTD.Win32.56

Downloader.DownloaderGuideCRTD.Win32.56, also known as PUA.Win32.Bervisec, Win32:DownloadGuide-X [PUP].
Malware analysis of Downloader.DownloaderGuideCRTD.Win32.56 – DOWNLOADSPEEDTEST.EXE
Created files:
%Program Files%\AB-Tools.com\Download Speed Test\DevExpress.XtraGauges.v11.1.Core.dll
%Program Files%\AB-Tools.com\Download Speed Test\DevExpress.XtraGauges.v11.1.Win.dll
%Program Files%\AB-Tools.com\Download Speed Test\DownloadSpeedTest.exe
%Program Files%\AB-Tools.com\Download Speed Test\DST-de.hep
%Program Files%\AB-Tools.com\Download Speed Test\DST-de.rd
Autostart registry keys:
HKLM\System\CurrentControlSet\services\LavasoftTcpService\ImagePath: "%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe"
HKLM\System\CurrentControlSet\services\LavasoftTcpService\DisplayName: "LavasoftTcpService"
HKLM\System\CurrentControlSet\services\WCAssistantService\ImagePath: "%Program Files%\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe"
HKLM\System\CurrentControlSet\services\WCAssistantService\DisplayName: "WC Assistant"
Detected by UnHackMe: DOWNLOADSPEEDTEST.EXE…
The installer bundles two Lavasoft Web Companion services alongside the speed-test tool; those services, not the speed-test binary itself, are the autostart entries.

Downloader.AgentCRTD.Win32.4622

Malware analysis of Downloader.AgentCRTD.Win32.4622 – 2345CPORT.SYS
Created files:
%PROFILE%\DESKTOP\2345?????.LNK
%PROFILE%\LINKS\2345??.LNK
%SYSDIR%\DRIVERS\2345CPORT.SYS
%SYSDIR%\DRIVERS\2345NSPROTECT.SYS
%SYSDIR%\DRIVERS\2345PORT.SYS
Autostart registry keys:
HKLM\Software\Classes\2345ExplorerHTML\shell\open\command\: ""%Program Files%\2345Soft\2345Explorer\2345Explorer.exe" — "%1""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Explorer\DisplayName: "2345?????"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\2345Explorer\UninstallString: "%Program Files%\2345Soft\2345Explorer\Uninstall.exe"
HKLM\Software\2345PCSafe\2345Reg2\1a63034b00\shell\open\command\: ""%Program Files%\Mozilla Firefox\firefox.exe" -osint -url "%1""
HKLM\Software\2345PCSafe\2345Reg2\1a63034b01\shell\open\command\: ""%Program Files%\Mozilla Firefox\firefox.exe" -osint -url "%1""
HKLM\Software\2345PCSafe\2345Reg2\75265f1800\shell\open\command\: ""%Program Files%\Mozilla Firefox\firefox.exe" -osint -url "%1""
HKLM\Software\2345PCSafe\2345Reg2\75265f1801\shell\open\command\: ""%Program Files%\Mozilla Firefox\firefox.exe" -osint -url "%1""
HKLM\Software\2345PCSafe\2345Reg2\a43ba09f00\shell\open\command\:…
The detected component is a kernel driver, and three drivers are dropped into %SYSDIR%\DRIVERS. The registry keys listed are file-association, uninstall and 2345PCSafe shell-open registrations rather than Run or Service autostart values; the non-ASCII parts of the shortcut and display names did not survive extraction and are shown as "?".

Downloader.GDT

Downloader.GDT, also known as SAPE.Heur.A8AB2, PUA/Outbrowse.Gen, RiskWare[Downloader]/NSIS.OutBrowse.by.
Malware analysis of Downloader.GDT – FREBGQW.DLL
Created files:
%TEMP%\1430751715.EXE
%TEMP%\1430751715.FECABFBBFDG
%TEMP%\FECABFBBFDG.ZIP
%TEMP%\NSAB85.TMP\FREBGQW.DLL
%TEMP%\NSAB85.TMP\NSISUNZ.DLL
Detected by UnHackMe: FREBGQW.DLL
Default location: %TEMP%\NSAB85.TMP\FREBGQW.DLL
Dropper hash (MD5): f0679c7580a1bdc222a3dd46f10d8272
%TEMP%\NS....TMP is the directory an NSIS installer extracts its plug-ins into (NSISUNZ.DLL is the stock NSIS unzip plug-in), and the NSAB85 part changes from run to run, so match on the DLL names rather than the directory.

Downloader.CXN

Downloader.CXN, also known as Riskware/OutBrowse, PUA.OutBrowse!, RiskWare[Downloader]/NSIS.OutBrowse.by.
Malware analysis of Downloader.CXN – IIX.DLL
Created files:
%TEMP%\WER6DE0.TMP.MDMP
%TEMP%\BCCJCABECBBGB.EXE
%TEMP%\NSJE252.TMP\IIX.DLL
%TEMP%\NSJE252.TMP\NSISUNZ.DLL
%TEMP%\WER2F96.TMP.WERINTERNALMETADATA.XML
Detected by UnHackMe: IIX.DLL
Default location: %TEMP%\NSJE252.TMP\IIX.DLL
Dropper hash (MD5): 1788fda814411afa1a81b28c65aac05d
The WER*.TMP.MDMP and .WERINTERNALMETADATA.XML files are Windows Error Reporting output, meaning a process crashed during the run; the NSJE252.TMP directory is the NSIS plug-in extraction directory and its name varies.

Downloader.Dapato.Win32.5305

Downloader.Dapato.Win32.5305, also known as Trojan.Win32.Generic!BT, PUP/Gameo.
Malware analysis of Downloader.Dapato.Win32.5305 – 79F56620_STP.EXE
Created files:
%PROFILE%\DESKTOP\CONTINUE 2048 INSTALLATION.LNK
%TEMP%\ICREINSTALL_18347EB1229C94C0F36A2AC7EEF1013B.EXE
%TEMP%\IS765589038\79F56620_STP.EXE
%TEMP%\IS765589038\79F56620_STP.EXE.PART
%TEMP%\ISH57953\CSS\IE6_MAIN.CSS
Detected by UnHackMe: 79F56620_STP.EXE
Default location: %TEMP%\IS765589038\79F56620_STP.EXE
Dropper hash (MD5): 18347eb1229c94c0f36a2ac7eef1013b
The ICREINSTALL_ file name embeds the dropper's own MD5, so the name is itself a hash indicator; the "CONTINUE 2048 INSTALLATION" desktop shortcut is the lure that re-launches the bundle if the user closes it.

RDN/Generic Downloader.x!nf

RDN/Generic Downloader.x!nf, also known as Application.Bundler.Outbrowse.AN, Trojan.Win32.OutBrowse.dlliks, PUP.Optional.OutBrowse.
Malware analysis of RDN/Generic Downloader.x!nf – BCCJCABECBBGB.EXE
Created files:
%TEMP%\WER59CA.TMP.APPCOMPAT.TXT
%TEMP%\WER6DE0.TMP.MDMP
%TEMP%\BCCJCABECBBGB.EXE
%TEMP%\NSJE252.TMP\IIX.DLL
%TEMP%\NSJE252.TMP\NSISUNZ.DLL
Detected by UnHackMe: BCCJCABECBBGB.EXE
Default location: %TEMP%\BCCJCABECBBGB.EXE
Dropper hash (MD5): 1788fda814411afa1a81b28c65aac05d
This is the same dropper as the Downloader.CXN entry above (identical MD5); that entry records the extracted IIX.DLL as the detected component, this one the dropper executable itself.

not-a-virus:Downloader.Win32.Generic

not-a-virus:Downloader.Win32.Generic, also known as Trojan.Win32.Generic!BT, Trojan.Win32.Injected, Trojan/W32.Agent.803488.B.
Malware analysis of not-a-virus:Downloader.Win32.Generic – ICREINSTALL_18347EB1229C94C0F36A2AC7EEF1013B.EXE
Created files:
%TEMP%\ISH57953\LOCALE\UA.LOCALE
%PROFILE%\DESKTOP\CONTINUE 2048 INSTALLATION.LNK
%TEMP%\ICREINSTALL_18347EB1229C94C0F36A2AC7EEF1013B.EXE
%TEMP%\IS765589038\79F56620_STP.EXE
%TEMP%\IS765589038\79F56620_STP.EXE.PART
Detected by UnHackMe: ICREINSTALL_18347EB1229C94C0F36A2AC7EEF1013B.EXE
Default location: %TEMP%\ICREINSTALL_18347EB1229C94C0F36A2AC7EEF1013B.EXE
Dropper hash (MD5): 18347eb1229c94c0f36a2ac7eef1013b
Same sample as the Downloader.Dapato.Win32.5305 entry above (identical MD5): there the second-stage 79F56620_STP.EXE is the detected component, here it is the ICREINSTALL_ dropper whose name carries that MD5.

W32/Downloader.EV.gen!Eldorado

W32/Downloader.EV.gen!Eldorado, also known as Trojan.Win32.Dtcontx.cyesot, Win32.Adware.Domaiq.Wrgs, Trojan.Generic.10057737.
Malware analysis of W32/Downloader.EV.gen!Eldorado – EFEBAC5BABB467F59C9E268F2B19EE6F.EXE
Created files:
%TEMP%\DM\EFEBAC5BABB467F59C9E268F2B19EE6F.EXE\A896107152FE41C096CC6B72A98F0D89\EFEBAC5BABB467F59C9E268F2B19EE6F.EXE
%TEMP%\DM\EFEBAC5BABB467F59C9E268F2B19EE6F.EXE\A896107152FE41C096CC6B72A98F0D89\EFEBAC5BABB467F59C9E268F2B19EE6F.EXE.CONFIG
%TEMP%\DM\EFEBAC5BABB467F59C9E268F2B19EE6F.EXE\A896107152FE41C096CC6B72A98F0D89\BIN\BIN.HTML
%TEMP%\DM\EFEBAC5BABB467F59C9E268F2B19EE6F.EXE\A896107152FE41C096CC6B72A98F0D89\BIN.DLL
%TEMP%\DM\EFEBAC5BABB467F59C9E268F2B19EE6F.EXE\A896107152FE41C096CC6B72A98F0D89\CONFIG.DLL
Detected by UnHackMe: EFEBAC5BABB467F59C9E268F2B19EE6F.EXE
Default location: %TEMP%\DM\EFEBAC5BABB467F59C9E268F2B19EE6F.EXE\A896107152FE41C096CC6B72A98F0D89\EFEBAC5BABB467F59C9E268F2B19EE6F.EXE
Dropper hash (MD5): efebac5babb467f59c9e268f2b19ee6f
The executable's file name is its own MD5, and the .EXE.CONFIG file beside it is a .NET application configuration file, so the copy in %TEMP%\DM is a managed executable; the 32-hex-character subdirectory is a per-extraction name and should not be matched literally.

Generic.Downloader.A8

Generic.Downloader.A8, also known as Unwanted-Program ( 004d2f6c1 ), Adware.GenericKD.3688236, Win32.Adware.Bp-installer.Ecbm.
Malware analysis of Generic.Downloader.A8 – ICREINSTALL_00407EA493476F2BF0BDC5453F392FB2.EXE
Created files:
%TEMP%\INH5587530838\LOCALE\TR.LOCALE
%PROFILE%\DESKTOP\CONTINUE BITLORD INSTALLATION.LNK
%TEMP%\ICREINSTALL_00407EA493476F2BF0BDC5453F392FB2.EXE
%TEMP%\IN55F2C45B\2FE86F9A.TMP
%TEMP%\IN55F2C45B\5DFD2C95_STP\OSUTILS.VBS
Detected by UnHackMe: ICREINSTALL_00407EA493476F2BF0BDC5453F392FB2.EXE
Default location: %TEMP%\ICREINSTALL_00407EA493476F2BF0BDC5453F392FB2.EXE
Dropper hash (MD5): 00407ea493476f2bf0bdc5453f392fb2
Same ICREINSTALL_<md5> naming and "CONTINUE ... INSTALLATION" desktop shortcut as the Downloader.Dapato.Win32.5305 entry, here wrapping a BitLord install; the OSUTILS.VBS under the _STP directory means the bundle also runs a script through wscript.exe or cscript.exe.

Downloader.Agent.Win32.197470

Downloader.Agent.Win32.197470, also known as Trojan.A, Adware.BL.
Malware analysis of Downloader.Agent.Win32.197470 – ~PBWUTUF.EXE
Created files:
%TEMP%\_TEMP_CAMVMEQ.TMP\WEBPLAYER_INSTALL.AIR
%APPDATA%\WP_UPDATE\CURRENTVERSION.TXT
%APPDATA%\~PBWUTUF.EXE
%SYSDIR%\TASKS\WP_UPDATE
Detected by UnHackMe: ~PBWUTUF.EXE
Default location: %APPDATA%\~PBWUTUF.EXE
Dropper hash (MD5): d5d07548da256da707b927681fb0eacd
Persistence is a scheduled task named WP_UPDATE; the .AIR file is an Adobe AIR application package, so a bundled AIR runtime install is part of the chain.

Downloader.Generic14.ASR

Downloader.Generic14.ASR, also known as Riskware.Win32.Amonetize.dffaha, SMG.Heur!gen, AdWare/Amonetize.cq.
Malware analysis of Downloader.Generic14.ASR – 8BB22D6DAF8493928D2671FC66F0CDE0.EXE
Created files:
%TEMP%\AMIC01.TMP.ICO
%TEMP%\AMIPIXEL.CFG
%TEMP%\8BB22D6DAF8493928D2671FC66F0CDE0.EXE
%PROFILE%\DESKTOP\CONTINUE INSTALLATION – DOWNLOADMANAGERMODERN.LNK
Autostart registry keys:
HKLM\SOFTWARE\CLASSES\CLSID\{D86B03E5-99CA-4344-8BFE-9F657F6D4C6E}\LOCALSERVER32\: ""%SYSTEMDRIVE%\SAND-BOX\8BB22D6DAF8493928D2671FC66F0CDE0.EXE""
Detected by UnHackMe: 8BB22D6DAF8493928D2671FC66F0CDE0.EXE
Default location: %TEMP%\8BB22D6DAF8493928D2671FC66F0CDE0.EXE
Dropper hash (MD5): 8bb22d6daf8493928d2671fc66f0cde0
The sample registers itself as a COM local server under the listed CLSID; the LocalServer32 value points at the path it was run from in the analysis sandbox (%SYSTEMDRIVE%\SAND-BOX), so on a real host it will point at wherever the user launched the file. A COM registration is loaded on demand when the CLSID is instantiated, not at boot, and the file name is the dropper's own MD5.

Downloader.Generic14.BETZ

Downloader.Generic14.BETZ, also known as Gen:Variant.MSILPerseus.53070 (B), Trojan.Win32.Generic!BT, Win32:Malware-gen.
Malware analysis of Downloader.Generic14.BETZ – XZCHJRRJ.EXE
Created files:
%TEMP%\ETILQS_4DAOAVOPC4GKHSN
%TEMP%\ETILQS_HOCWYTTLXVBWIQN
%LOCAL APPDATA%\XZCHJRRJ.EXE
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\51E5761A-CDC0-438C-9830-09F54AF84F4F
%STARTUP%\XZCHJRRJ.VBS
Detected by UnHackMe: XZCHJRRJ.EXE
Default location: %LOCAL APPDATA%\XZCHJRRJ.EXE
Dropper hash (MD5): a7494a65459dbfa5943cf58d4d617d62
Persistence is a .VBS in the user's Startup folder. ETILQS_* files are SQLite temporary files and the entry under %APPDATA%\MICROSOFT\PROTECT\<SID>\ is a DPAPI master-key file, so the sample opened SQLite databases and called DPAPI during the run; the SID and the ETILQS_ suffixes are specific to the analysis machine and should not be matched literally.

TR/Downloader.kopky

TR/Downloader.kopky, also known as TROJ_GEN.R023C0DIL16, Trojan.MSIL.gen.11, trojan.win32.skeeyah.a!rfn.
Malware analysis of TR/Downloader.kopky – XZCHJRRJ.EXE
Created files:
%TEMP%\ETILQS_4DAOAVOPC4GKHSN
%TEMP%\ETILQS_HOCWYTTLXVBWIQN
%LOCAL APPDATA%\XZCHJRRJ.EXE
%APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\51E5761A-CDC0-438C-9830-09F54AF84F4F
%STARTUP%\XZCHJRRJ.VBS
Detected by UnHackMe: XZCHJRRJ.EXE
Default location: %LOCAL APPDATA%\XZCHJRRJ.EXE
Dropper hash (MD5): a7494a65459dbfa5943cf58d4d617d62
This is the same sample as the Downloader.Generic14.BETZ entry above (identical MD5 and file set) under a different vendor name.

Downloader.Agent.Win32.293821

Malware analysis of Downloader.Agent.Win32.293821 – 62777_STP.EXE
Created files:
%WINDIR%\TEMP\CR_0197C.TMP\SETUP_PATCH.PACKED.7Z
%TEMP%\ICREINSTALL_F3F1AB1A52ED6F3F3FAB3719B232F9AE.EXE
%TEMP%\IS1293689599\62777_STP.EXE
%TEMP%\IS1293689599\62777_STP.EXE.PART
%TEMP%\ISH57015\CSS\IE6_MAIN.CSS
Detected by UnHackMe: 62777_STP.EXE
Default location: %TEMP%\IS1293689599\62777_STP.EXE
Dropper hash (MD5): f3f1ab1a52ed6f3f3fab3719b232f9ae
Same ICREINSTALL_<md5> dropper layout as the Dapato and Generic.Downloader.A8 entries. The CR_....TMP\SETUP_PATCH.PACKED.7Z path under %WINDIR%\TEMP is the layout the Google Chrome installer uses when it unpacks, so a Chrome setup is among the bundled offers.

Downloader-FAMV!FB8C2B9D6078

Downloader-FAMV!FB8C2B9D6078, also known as PE:Malware.Generic/QRS!1.9E2D [F], Trojan.Agent.BRFX, Trojan.Win32.Crypt.
Malware analysis of Downloader-FAMV!FB8C2B9D6078 – CYVDXCMOOIAH.EXE
Created files:
%SYSTEMDRIVE%\USERS\_RECOVERY_+OQSAE.PNG
%SYSTEMDRIVE%\USERS\_RECOVERY_+OQSAE.TXT
%WINDIR%\CYVDXCMOOIAH.EXE
Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\NORJQTOUGKQL: "%SYSDIR%\CMD.EXE /C START "" "%WINDIR%\CYVDXCMOOIAH.EXE""
Detected by UnHackMe: CYVDXCMOOIAH.EXE
Default location: %WINDIR%\CYVDXCMOOIAH.EXE
Dropper hash (MD5): fb8c2b9d6078f8752e12a1ada33f6dae
Persistence is an HKCU Run value that launches the payload indirectly through cmd.exe /c start, so the Run value's command does not name the payload as its first token. The _RECOVERY_+*.TXT and .PNG files written to %SYSTEMDRIVE%\USERS are ransom-note style artifacts, so treat this sample as more than a plain downloader and check for encrypted user files. Writing the payload into %WINDIR% requires elevated rights.

Downloader.Amonetize.Win32.3712

Downloader.Amonetize.Win32.3712, also known as Program.Unwanted.840.
Malware analysis of Downloader.Amonetize.Win32.3712 – SHORTCUTLAUNCHER.EXE
Created files:
%Program Files%\Solvusoft\MachineIdGateway.dll
%Program Files%\Solvusoft\sfhtml.dll
%Program Files%\Solvusoft\ShortcutLauncher.exe
%Program Files%\Solvusoft\SolvusoftLauncher.exe
%Program Files%\Solvusoft\SuiteService.exe
Autostart registry keys:
HKLM\Software\Classes\Applications\DriverDocSetup.exe\IsHostApp: ""
HKLM\Software\Classes\Applications\EULA.rtf\NoStartPage: ""
HKLM\Software\Classes\Applications\LogFilesCollector.exe\NoStartPage: ""
HKLM\Software\Classes\Applications\Setup_DriverDoc_2016.exe\IsHostApp: ""
HKLM\Software\Classes\Applications\ShortcutLauncher.exe\NoStartPage: ""
HKLM\Software\Classes\Applications\SolvusoftTray.exe\NoStartPage: ""
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0570A0D4430B8FD479ED621F12A22CFF\InstallProperties\DisplayName: "DriverDoc"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\CommonToolkitTray_Solvusoft: "%Program Files%\Solvusoft\Tray\SolvusoftTray.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverDoc\DisplayName: "DriverDoc"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DRIVERDOC\UNINSTALLSTRING: ""%COMMON APPDATA%\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}\DRIVERDOCSETUP.EXE" REMOVE=TRUE MODIFY=FALSE"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}\DisplayName: "DriverDoc"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}\UNINSTALLSTRING: "%COMMON APPDATA%\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}\DRIVERDOCSETUP.EXE"…
Of the keys listed, only HKLM\...\CurrentVersion\Run\CommonToolkitTray_Solvusoft is an autostart entry; the rest are application and uninstall registrations for the bundled DriverDoc product (an MSI install, given the Installer\UserData entry). SuiteService.exe is dropped but no service registration for it appears in the excerpt.

GrayWare[Downloader:not-a-virus]/Win32.Adload.gen

GrayWare[Downloader:not-a-virus]/Win32.Adload.gen, also known as Artemis!310CA082A3EC, Artemis, Gen:Trojan.Downloader.ZuZ@aeWjIqki.
Malware analysis of GrayWare[Downloader:not-a-virus]/Win32.Adload.gen – ANCAMERA_4.XUPDATEVER_5.3.1.EXE
Created files:
%LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016112220161123\CONTAINER.DAT
%TEMP%\ANCAMCODER_SAVED.XML
%TEMP%\ANCAMERA_4.XUPDATEVER_5.3.1.EXE
%TEMP%\NSC254D.TMP\STACK.DLL
%TEMP%\NSCD8D3.TMP\STACK.DLL
Autostart registry keys:
HKLM\Software\Classes\CLSID\{F1A015C9-8106-4120-9D18-21BAEDAB20FF}\InprocServer32\: "%Program Files%\AHNSOFT\ancamera3\ksmodule.dll"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnCamCorder\DisplayName: "AnCamCorder Uninstall"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnCamCorder\UninstallString: "%Program Files%\\AHNSOFT\AnCamCorder\Uninstall.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnCamera\DisplayName: "Ancamera Uninstall"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AnCamera\UninstallString: "%Program Files%\AHNSOFT\ancamera3\Uninstall.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antools\DisplayName: "Antools"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antools\UninstallString: ""%Program Files%\AHNSOFT\Antools\Uninstall.exe""
Detected by UnHackMe: ANCAMERA_4.XUPDATEVER_5.3.1.EXE
Default location: %TEMP%\ANCAMERA_4.XUPDATEVER_5.3.1.EXE
Dropper hash (MD5): 4c51d1eea0bc1dacfaffa5e1e7b201a4
The two NS....TMP directories with STACK.DLL show two NSIS installers ran back to back (Stack is an NSIS plug-in). The CLSID InprocServer32 value registers ksmodule.dll as an in-process COM server, which is loaded when the CLSID is used rather than at startup; the remaining keys are uninstall entries for the three AHNSOFT products, and the HISTORY.IE5 container file only records that the WinINet history cache was touched.

Downloader.CVZ

Downloader.CVZ, also known as BehavesLike.Win32.Downloader.ch, Trojan.OutBrowse.80, Trojan.Win32.OutBrowse.dmikii.
Malware analysis of Downloader.CVZ – VVQ.DLL
Created files:
%TEMP%\BCCDCABECEJD.EXE
%TEMP%\NSSDDFD.TMP\NSISUNZ.DLL
%TEMP%\NSSDDFD.TMP\VVQ.DLL
%TEMP%\WER1085.TMP.WERINTERNALMETADATA.XML
%TEMP%\WER3D1A.TMP.APPCOMPAT.TXT
Detected by UnHackMe: VVQ.DLL
Default location: %TEMP%\NSSDDFD.TMP\VVQ.DLL
Dropper hash (MD5): 3a450feb7426a2cf5ac38176a02d265f
Same NSIS plug-in layout (NSISUNZ.DLL plus a short random-named DLL in %TEMP%\NS....TMP) and the same Windows Error Reporting crash artifacts as the Downloader.CXN entry; the dropper and DLL names differ per build, so the MD5 and the NSISUNZ.DLL-beside-unknown-DLL pattern are the stable indicators.

Gen:Variant.Downloader.212

Gen:Variant.Downloader.212, also known as BehavesLike.Win32.Trojan.fc, W32/Dodiw.A.gen!Eldorado, Backdoor.Dodiw!8.60C-7MoPpMx5lFD (cloud).
Malware analysis of Gen:Variant.Downloader.212 – SOUND.EXE.EXE
Created files:
%COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\VIDEO DRIVER: "%COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE"
Detected by UnHackMe: SOUND.EXE.EXE
Default location: %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Dropper hash (MD5): 8c126f4c8d05d301ee76316454350f02
A RunOnce value executes at the next logon and is then deleted, so the registry entry may already be gone when you look; the durable indicators are the double-extension SOUND.EXE.EXE and the DRIVERS directory under %COMMON APPDATA% (ProgramData), which is not a location Windows keeps drivers in.

Gen:Variant.Downloader.212 (B)

Gen:Variant.Downloader.212 (B), also known as Win32:Evo-gen [Susp], HEUR:Trojan.Win32.Generic, SMG.Heur!gen.
Malware analysis of Gen:Variant.Downloader.212 (B) – SOUND.EXE.EXE
Created files:
%COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\VIDEO DRIVER: "%COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE"
Detected by UnHackMe: SOUND.EXE.EXE
Default location: %COMMON APPDATA%\DRIVERS\SOUND.EXE.EXE
Dropper hash (MD5): 8c126f4c8d05d301ee76316454350f02
Identical sample (same MD5, file and RunOnce value) to the Gen:Variant.Downloader.212 entry above; only the vendor aliases differ.

Downloader/Win32.Agent.N2090127634

Downloader/Win32.Agent.N2090127634, also known as Trojan.GenericKD.3493205, Troj.Downloader.W32.Agent!c, Win32/Trojan.Downloader.a01.
Malware analysis of Downloader/Win32.Agent.N2090127634 – RT32.EXE
Created files:
%SYSTEMDRIVE%\SAND-BOX\CS\COUNTER STRIKE 1.6.URL
%SYSTEMDRIVE%\SAND-BOX\CS\README.TXT
%STARTUP%\HALF-LIFE LAUNCHER.LNK
%APPDATA%\RTLX\LOCAL.ID
%APPDATA%\RTLX\RT32.EXE
Detected by UnHackMe: RT32.EXE
Default location: %APPDATA%\RTLX\RT32.EXE
Dropper hash (MD5): adf17c644ee0250e49250b42b7456875
Persistence is a Startup-folder shortcut disguised as a game launcher ("HALF-LIFE LAUNCHER.LNK"); the CS directory appears under the sandbox's working directory (%SYSTEMDRIVE%\SAND-BOX), so on a real host expect it next to wherever the dropper was run. LOCAL.ID beside the payload is consistent with a per-victim identifier.

Downloader.NSIS

Downloader.NSIS, also known as Troj.Downloader.Nsis!c, Win32.Trojan.WisdomEyes.16070401.9500.9989, Trojan.Nsis.BPlug.dztigc.
Malware analysis of Downloader.NSIS – KRBUPDATER-UTILITY.EXE
Created files:
%COMMON APPDATA%\MICROSOFT\WINDOWS\START MENU\PROGRAMS\KINOROOM BROWSER.LNK
%COMMON APPDATA%\KRB UPDATER UTILITY\KRBUPDATE
%COMMON APPDATA%\KRB UPDATER UTILITY\KRBUPDATER-UTILITY.EXE
%PUBLIC%\DESKTOP\KINOROOM BROWSER.LNK
%TEMP%\NSGA8D3.TMP\REGISTRY.DLL
Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI\DisplayName: "Adobe Flash Player 23 NPAPI"
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE FLASH PLAYER NPAPI\UNINSTALLSTRING: "%SYSDIR%\MACROMED\FLASH\FLASHUTIL32_23_0_0_207_PLUGIN.EXE -MAINTAIN PLUGIN"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Kinoroom Browser\DisplayName: "Kinoroom Browser"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Kinoroom Browser\UninstallString:…
The keys listed are Uninstall entries, not autostart locations: the Flash Player NPAPI entry is a Flash Player 23 plug-in install that the bundle carries along, and the Kinoroom Browser entry is the bundled browser. REGISTRY.DLL in the NS....TMP directory is the NSIS Registry plug-in, which is what writes these keys; the start-menu and public-desktop shortcuts are written to all-user locations, which requires elevated rights.

Downloader.Agent.Win32.182069

Downloader.Agent.Win32.182069, also known as Win32.Adware.Generic.c, Trojan.Win32.Agent.cqrjxh, Trojan[Downloader]/Win32.Agent.
Malware analysis of Downloader.Agent.Win32.182069 – XCASDF.EXE
Created files:
%WINDIR%\LOCK.LOG
%WINDIR%\SYS.DAT
%WINDIR%\XCASDF.EXE
%WINDIR%\XDRQ\5.165.168.169.INI
%WINDIR%\XDRQ\EXIEAGL.EXE
Detected by UnHackMe: XCASDF.EXE
Default location: %WINDIR%\XCASDF.EXE
Dropper hash (MD5): c7ba62fb36de185c96e2638e57b15d51
Everything is written directly under %WINDIR%, which requires elevated rights. The INI file is named after what looks like an IPv4 address (5.165.168.169); check that address in proxy, DNS and firewall logs for the period around the file's creation time. No autostart entry appears in the excerpt, so look for persistence in the second-stage EXIEAGL.EXE.

Downloader.CBT

Downloader.CBT, also known as TROJ_GEN.R047C0EEM16, PUA/Outbrowse.lwasp, Trojan/PornoAsset.sof.
Malware analysis of Downloader.CBT – BACACABEBBBHD.EXE
Created files:
%STARTUP%-OLD\MUTEX_3.LNK
%STARTUP%-OLD\ZOOMIT.EXE
%TEMP%\BACACABEBBBHD.EXE
%TEMP%\NSF586C.TMP\AA.DLL
%TEMP%\NSF586C.TMP\NSISUNZ.DLL
Detected by UnHackMe: BACACABEBBBHD.EXE
Default location: %TEMP%\BACACABEBBBHD.EXE
Dropper hash (MD5): 1868d21763b16764a6195ee6ac26ba12
Same NSIS layout (NSISUNZ.DLL plus a short random-named DLL) as the other OutBrowse entries. The "%STARTUP%-OLD" paths are a sibling of the Startup folder rather than the Startup folder itself, so the ZOOMIT.EXE and shortcut dropped there do not by themselves run at logon.

Downloader.AEUC

Downloader.AEUC, also known as SScope.Adware.Outbrowse, OutBrowse, W32/Outbrowse.K.gen!Eldorado.
Malware analysis of Downloader.AEUC – BEFAHEGBDG.EXE
Created files:
%TEMP%\BEFAHEGBDG.EXE
Detected by UnHackMe: BEFAHEGBDG.EXE
Default location: %TEMP%\BEFAHEGBDG.EXE
Dropper hash (MD5): 133c82313f19d71a35aed5bd01b4e53c

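The entries on this page all follow the same layout (Created files, optional Autostart registry keys, Detected by UnHackMe, Default location, Dropper hash). As an added example that is not part of the original page or of UnHackMe, the following Python turns that layout into structured indicators and sweeps a constructed set of file, registry and hash observations against them. Each %VAR% placeholder is expanded to "any prefix" so a path matches regardless of drive letter, profile name or localised Program Files, registry hives are normalised so HKEY_CURRENT_USER and HKCU compare equal, and a trailing backslash (the page's notation for a key's default value) is ignored. The three excerpt strings are copied from the Downloader.ALHW, Downloader.MSIL.BRRB and Gen:Variant.Downloader.212 entries above; the OBSERVATIONS list and every function name are this example's own. One caveat a practitioner should keep in mind: MD5 is fine as a lookup key for these specific samples but is collision-prone, so a matching MD5 on a new file is a lead, not proof of identity, and SHA-256 should be recorded wherever it can be obtained.

```python
import re
from dataclasses import dataclass

# Three excerpts copied from entries on this page. The text is the page's own; the
# parser and matcher below are an added illustration, not part of the original post.
EXCERPTS = [
    "Malware Analysis of Downloader.ALHW \u2013 BEFIJJFFEF.EXE Created files: %TEMP%\\BEFIJJFFEF.EXE "
    "Detected by UnHackMe: BEFIJJFFEF.EXE DEFAULT LOCATION: %TEMP%\\BEFIJJFFEF.EXE "
    "Dropper hash(md5): 9ce4115360d5197a747358132bdc1687",
    "Malware Analysis of Downloader.MSIL.BRRB \u2013 EXERVICE.EXE Created files: "
    "%SYSTEMDRIVE%\\SAND-BOX\\SENDREQUEST ERROR %SYSTEMDRIVE%\\EXERVICE.EXE "
    "Autostart registry keys: HKLM\\SYSTEM\\CURRENTCONTROLSET\\SERVICES\\CHNGTSVC\\IMAGEPATH: "
    "\u201c%SYSTEMDRIVE%\\EXERVICE.EXE HTTP://CLOUDFRONT.07DD8AEA8560D068946FC5CF2EB288C00F01D9CC"
    ".TECH/DOWNLOAD/XPACK1129_IT.1480418683.EXE\u201d "
    "Detected by UnHackMe: EXERVICE.EXE DEFAULT LOCATION: %SYSTEMDRIVE%\\EXERVICE.EXE "
    "Dropper hash(md5): d2de2c5f1d0c433ac39ad996044b1c49",
    "Malware Analysis of Gen:Variant.Downloader.212 \u2013 SOUND.EXE.EXE Created files: "
    "%COMMON APPDATA%\\DRIVERS\\SOUND.EXE.EXE Autostart registry keys: "
    "HKCU\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE\\VIDEO DRIVER: "
    "\u201c%COMMON APPDATA%\\DRIVERS\\SOUND.EXE.EXE\u201d "
    "Detected by UnHackMe: SOUND.EXE.EXE DEFAULT LOCATION: %COMMON APPDATA%\\DRIVERS\\SOUND.EXE.EXE "
    "Dropper hash(md5): 8c126f4c8d05d301ee76316454350f02",
]

# Constructed sample telemetry (not from the page): file-create paths, registry keys
# written and file hashes as they might come out of a Sysmon or EDR export.
# One observation of each kind is benign and must not match.
OBSERVATIONS = [
    ("file", r"C:\Users\alice\AppData\Local\Temp\befijjffef.exe"),
    ("file", r"C:\ProgramData\Drivers\sound.exe.exe"),
    ("file", r"C:\Program Files\7-Zip\7z.exe"),
    ("regkey", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Video Driver"),
    ("regkey", r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"),
    ("md5", "D2DE2C5F1D0C433AC39AD996044B1C49"),
    ("md5", "0" * 32),
]


@dataclass(frozen=True)
class Ioc:
    family: str
    kind: str    # "file", "regkey" or "md5"
    value: str


# The page's fixed section labels, case-insensitive because some entries are in capitals.
SECTION_RE = re.compile(
    r"Malware Analysis of (?P<family>.+?) \u2013 .*?"
    r"Created files:(?P<files>.*?)"
    r"(?:Autostart registry keys:(?P<reg>.*?))?"
    r"Detected by UnHackMe:.*?Default location:.*?"
    r"Dropper hash\(md5\):\s*(?P<md5>[0-9a-f]{32})",
    re.IGNORECASE | re.DOTALL,
)
PLACEHOLDER = re.compile(r"%[^%\\]+%")   # %TEMP%, %COMMON APPDATA%, %Program Files% ...
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def parse_excerpt(text):
    """Split one page excerpt into Ioc records. Paths may contain spaces, so the file
    list is split only in front of the next %VAR% placeholder, and the registry list
    only in front of the next HKLM\\ or HKCU\\ key."""
    text = text.replace("\u201c", '"').replace("\u201d", '"')   # undo WordPress smart quotes
    m = SECTION_RE.search(text)
    if not m:
        raise ValueError("excerpt does not follow the Created files / Dropper hash layout")
    fam = m.group("family")
    iocs = [Ioc(fam, "file", p)
            for p in re.split(r"\s+(?=%[A-Za-z ]+%)", m.group("files").strip())]
    for item in re.split(r"\s+(?=HK(?:LM|CU)\\)", (m.group("reg") or "").strip()):
        if item:
            # Keep the key path only; a trailing backslash denotes the key's default value.
            iocs.append(Ioc(fam, "regkey", item.split(":", 1)[0].rstrip("\\")))
    iocs.append(Ioc(fam, "md5", m.group("md5").lower()))
    return iocs


def path_pattern(ioc_path):
    """Compile a %VAR%-relative path into a case-insensitive regex: each placeholder
    may expand to any prefix (drive, profile, localised Program Files); the rest is literal."""
    return re.compile(".*".join(re.escape(seg) for seg in PLACEHOLDER.split(ioc_path)),
                      re.IGNORECASE)


def norm_key(key):
    """Upper-case a registry key path, drop a trailing backslash, shorten long hive names."""
    key = key.strip().rstrip("\\").upper()
    for long, short in HIVES.items():
        if key.startswith(long):
            key = short + key[len(long):]
    return key


def hunt(iocs, observations):
    """Match (kind, value) observations against the parsed indicators.
    Returns (family, kind, indicator, observed_value) tuples, one per hit."""
    file_pats = [(i, path_pattern(i.value)) for i in iocs if i.kind == "file"]
    reg_keys = {norm_key(i.value): i for i in iocs if i.kind == "regkey"}
    hashes = {i.value: i for i in iocs if i.kind == "md5"}
    hits = []
    for kind, seen in observations:
        if kind == "file":
            hits += [(i.family, kind, i.value, seen) for i, pat in file_pats if pat.fullmatch(seen)]
        elif kind == "regkey" and norm_key(seen) in reg_keys:
            i = reg_keys[norm_key(seen)]
            hits.append((i.family, kind, i.value, seen))
        elif kind == "md5" and seen.lower() in hashes:
            i = hashes[seen.lower()]
            hits.append((i.family, kind, i.value, seen))
    return hits


if __name__ == "__main__":
    all_iocs = [ioc for text in EXCERPTS for ioc in parse_excerpt(text)]
    for family, kind, indicator, seen in hunt(all_iocs, OBSERVATIONS):
        print(f"{family}: {kind} {indicator!r} matched {seen!r}")
```

Run as a script it prints four hits (two file paths, the RunOnce key and the MSIL.BRRB dropper hash) and stays silent on the three benign observations. To use it on real data, feed hunt() the TargetFilename values from Sysmon event ID 11 (FileCreate), the TargetObject values from event IDs 12 and 13 (RegistryEvent) and the hashes from an EDR or Autoruns export. The registry comparison looks only at the key path, so a hit tells you the value was written, not what it contains; compare the observed data against the ImagePath or RunOnce command quoted in the entry before acting on it.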