Downloader.Agent.Win32.5264 also known as Generic.Onlinegames.14.6D78351B, Generic.Onlinegames.14.6D78351B, Trojan-Downloader.Win32.Agent!O. Malware Analysis of Downloader.Agent.Win32.5264 – 91C7DF6D.DLL Created files: %TEMP%\LIV4B3C.TMP %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\45BAFEE3-5793-4A3B-B7F0-E10B569FD99D %SYSDIR%\91C7DF6D.CFG %SYSDIR%\91C7DF6D.DLL Autostart registry keys: HKLM\Software\Classes\CLSID\{91C7DF6D-AEF5-4136-9252-AF030D7A5931}\InprocServer32\: “91C7DF6D.dll” Detected by UnHackMe: 91C7DF6D.DLL Default location: %SYSDIR%\91C7DF6D.DLL Dropper hash(md5): 042c8e2e687cc6a1a78f874c0db8c5db UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Continue reading →

Downloader.Generic14.JNO also known as TROJ_BANDOK.FL, Trojan.Inject.g9, Trojan.Injector. Malware Analysis of Downloader.Generic14.JNO – 2923.EXE Created files: %LOCAL APPDATA%\MICROSOFT\WINDOWS\WER\REPORTARCHIVE\APPCRASH_FIREFOX.EXE_32BB5FC8E332D945A08D7C15EFC4EA816A04B1_0954F161\REPORT.WER %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-3826439297-2269405635-17600287-1000\0FF32117-2CA9-41A2-B73D-C2746A200271 %APPDATA%\SPFS\2923.EXE %APPDATA%\SPFS\3024.EXE %APPDATA%\SPFS\CPM.DLL Detected by UnHackMe: 2923.EXE DEFAULT LOCATION: %APPDATA%\SPFS\2923.EXE Dropper hash(md5): 240600688420b304b01e291f54afa506 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Continue reading →

Downloader.ZFE also known as Trojan.Gen.2, AdWare.MSIL.azb, Adware/Imali. Malware Analysis of Downloader.ZFE – FUFEBA8.EXE Created files: %TEMP%\FUFEBA8.EXE %TEMP%\FUFEBA8.TMP %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-3826439297-2269405635-17600287-1000\F154E278-6926-426C-AC47-AB06600CF7DB Detected by UnHackMe: FUFEBA8.EXE DEFAULT LOCATION: %TEMP%\FUFEBA8.EXE Dropper hash(md5): 140a18d745ff8eccbc0d51f873e4c859 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…

Continue reading →

Downloader.SYO also known as HEUR/QVM30.1.Malware.Gen, Generic PUA JH (PUA), Riskware/OutBrowse. Malware Analysis of Downloader.SYO – KDSJQDP.DLL Created files: %TEMP%\BEEHGIAEJI.IJEAI %TEMP%\IJEAI.ZIP %TEMP%\NSZC99A.TMP\KDSJQDP.DLL %TEMP%\NSZC99A.TMP\ZIPDLL.DLL %TEMP%\WER9F34.TMP.WERINTERNALMETADATA.XML Detected by UnHackMe: KDSJQDP.DLL DEFAULT LOCATION: %TEMP%\NSZC99A.TMP\KDSJQDP.DLL Dropper hash(md5): 20786813d2079aef30d2f46bda64b427 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Continue reading →

Downloader.ABLI also known as Unwanted-Program ( 004d2a1c1 ), Win32.Adware.Downloader.Auto, Trojan.OutBrowse.952. Malware Analysis of Downloader.ABLI – BEEHGIAEJI.EXE Created files: %TEMP%\WERDC54.TMP.MDMP %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-3826439297-2269405635-17600287-1000\F37A1BB5-10E9-4EF9-B280-C7D2662FBBF3 %TEMP%\BEEHGIAEJI.EXE %TEMP%\BEEHGIAEJI.IJEAI %TEMP%\IJEAI.ZIP Detected by UnHackMe: BEEHGIAEJI.EXE DEFAULT LOCATION: %TEMP%\BEEHGIAEJI.EXE Dropper hash(md5): 20786813d2079aef30d2f46bda64b427 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Continue reading →

Downloader.Generic9.CERH also known as W32/Adload.MGT!tr.dldr, Trojan-Downloader.Win32.Adload, Trojan-Downloader.Win32.Adload!O. Malware Analysis of Downloader.Generic9.CERH – FLOODCORE.DLL Created files: %SYSDIR%\WEB.INI %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0BE31133-48CF-422F-BF31-BA0F407B5224 %SYSDIR%\FLOODCORE.DLL %SYSDIR%\PUIHILE.DLL %SYSDIR%\TAOB.DLL Autostart registry keys: HKLM\SOFTWARE\CLASSES\CLSID\{6E28339B-7A2A-47B6-AEB2-46BA53782379}\INPROCSERVER32\: “%SYSDIR%\TAOB.DLL” HKLM\SOFTWARE\CLASSES\CLSID\{C4560D12-CE25-4A2E-A5D4-B5070FCBE282}\INPROCSERVER32\: “%SYSDIR%\PUIHILE.DLL” HKLM\Software\Softfy\CSID\dllname: “puihile.dll” Detected by UnHackMe: FLOODCORE.DLL Default location: %SYSDIR%\FLOODCORE.DLL Dropper hash(md5): 030bc9cb1468ae55feabb813ac345be1 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…

Continue reading →

Downloader.Adload.Win32.7276 also known as TR/Dldr.Adload.mgt, W32/Adload.MGT!tr.dldr, Win32.Troj.Undef.(kcloud). Malware Analysis of Downloader.Adload.Win32.7276 – FLOODCORE.DLL Created files: %SYSDIR%\WEB.INI %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0BE31133-48CF-422F-BF31-BA0F407B5224 %SYSDIR%\FLOODCORE.DLL %SYSDIR%\PUIHILE.DLL %SYSDIR%\TAOB.DLL Autostart registry keys: HKLM\SOFTWARE\CLASSES\CLSID\{6E28339B-7A2A-47B6-AEB2-46BA53782379}\INPROCSERVER32\: “%SYSDIR%\TAOB.DLL” HKLM\SOFTWARE\CLASSES\CLSID\{C4560D12-CE25-4A2E-A5D4-B5070FCBE282}\INPROCSERVER32\: “%SYSDIR%\PUIHILE.DLL” HKLM\Software\Softfy\CSID\dllname: “puihile.dll” Detected by UnHackMe: FLOODCORE.DLL Default location: %SYSDIR%\FLOODCORE.DLL Dropper hash(md5): 030bc9cb1468ae55feabb813ac345be1 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…

Continue reading →

W32/Downloader.TXIW-2697 also known as Trojan.Adload-2285, Adload.AFIM, TROJ_ADLOAD.PP. Malware Analysis of W32/Downloader.TXIW-2697 – FLOODCORE.DLL Created files: %SYSDIR%\WEB.INI %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0BE31133-48CF-422F-BF31-BA0F407B5224 %SYSDIR%\FLOODCORE.DLL %SYSDIR%\PUIHILE.DLL %SYSDIR%\TAOB.DLL Autostart registry keys: HKLM\SOFTWARE\CLASSES\CLSID\{6E28339B-7A2A-47B6-AEB2-46BA53782379}\INPROCSERVER32\: “%SYSDIR%\TAOB.DLL” HKLM\SOFTWARE\CLASSES\CLSID\{C4560D12-CE25-4A2E-A5D4-B5070FCBE282}\INPROCSERVER32\: “%SYSDIR%\PUIHILE.DLL” HKLM\Software\Softfy\CSID\dllname: “puihile.dll” Detected by UnHackMe: FLOODCORE.DLL Default location: %SYSDIR%\FLOODCORE.DLL Dropper hash(md5): 030bc9cb1468ae55feabb813ac345be1 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…

Continue reading →

Win32.TRDownloader also known as Trojan.Generic.2925257, Trojan.Agent.RQBZ, Win32:Malware-gen. Malware Analysis of Win32.TRDownloader – TRY4854.DLL Created files: %SYSDIR%\PUIHILE.DLL %SYSDIR%\TAOB.DLL %SYSDIR%\TRY4854.DLL %SYSDIR%\WEB.INI Autostart registry keys: HKLM\SOFTWARE\CLASSES\CLSID\{6E28339B-7A2A-47B6-AEB2-46BA53782379}\INPROCSERVER32\: “%SYSDIR%\TAOB.DLL” HKLM\SOFTWARE\CLASSES\CLSID\{C4560D12-CE25-4A2E-A5D4-B5070FCBE282}\INPROCSERVER32\: “%SYSDIR%\PUIHILE.DLL” HKLM\Software\Softfy\CSID\dllname: “puihile.dll” Detected by UnHackMe: TRY4854.DLL Default location: %SYSDIR%\TRY4854.DLL Dropper hash(md5): 030bc9cb1468ae55feabb813ac345be1 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Continue reading →

Downloader.Generic9.AESW also known as TrojanDownloader:Win32/Adload.BI, TrojanDownloader.Adload.nlm, W32/Adload.NLM!tr.dldr. Malware Analysis of Downloader.Generic9.AESW – PUIHILE.DLL Created files: %APPDATA%\MICROSOFT\PROTECT\S-1-5-21-2250177403-3231077850-1239169437-1002\0BE31133-48CF-422F-BF31-BA0F407B5224 %SYSDIR%\FLOODCORE.DLL %SYSDIR%\PUIHILE.DLL %SYSDIR%\TAOB.DLL %SYSDIR%\TRY4854.DLL Autostart registry keys: HKLM\SOFTWARE\CLASSES\CLSID\{6E28339B-7A2A-47B6-AEB2-46BA53782379}\INPROCSERVER32\: “%SYSDIR%\TAOB.DLL” HKLM\SOFTWARE\CLASSES\CLSID\{C4560D12-CE25-4A2E-A5D4-B5070FCBE282}\INPROCSERVER32\: “%SYSDIR%\PUIHILE.DLL” HKLM\Software\Softfy\CSID\dllname: “puihile.dll” Detected by UnHackMe: PUIHILE.DLL Default location: %SYSDIR%\PUIHILE.DLL Dropper hash(md5): 030bc9cb1468ae55feabb813ac345be1 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…

Continue reading →

Downloader.FWQ also known as Trojan.Generic-NrAX1BatpsT (Cloud), PUA/Outbrowse.Gen, Gen:Variant.Adware.Mikey.12161. Malware Analysis of Downloader.FWQ – BXIPIGPJ.DLL Created files: %TEMP%\ECGCABFBDFBEG.EXE %TEMP%\ECGCABFBDFBEG.ZIP %TEMP%\NSAD90B.TMP\BXIPIGPJ.DLL %TEMP%\NSAD90B.TMP\NSISUNZ.DLL %TEMP%\WER1092.TMP.APPCOMPAT.TXT Detected by UnHackMe: BXIPIGPJ.DLL DEFAULT LOCATION: %TEMP%\NSAD90B.TMP\BXIPIGPJ.DLL Dropper hash(md5): 0d451dfff1009127583e4061ee8edd3c UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Continue reading →

not-a-virus:Downloader.Win32.DownloadSponsor.pj also known as PUP/DownloadAssistant, W32/DLSponsor.C.gen!Eldorado, Riskware/DownloadSponsor. Malware Analysis of not-a-virus:Downloader.Win32.DownloadSponsor.pj – DMR_72.EXE Created files: %TEMP%\DMR\DMR_72.EXE %TEMP%\DMR\MTXUXQXNNMBRFINN.DAT %PROFILE%\DESKTOP\CHEATBOOK DATABASE – CHIP DOWNLOADER.LNK Detected by UnHackMe: DMR_72.EXE DEFAULT LOCATION: %TEMP%\DMR\DMR_72.EXE Dropper hash(md5): f1991b3839e93a8426c43329947d0f4e UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading →

Downloader.DownloadSponsor.p also known as Trojan.Win32.Agent.edqrfj, W32/DLSponsor.C.gen!Eldorado. Malware Analysis of Downloader.DownloadSponsor.p – DMR_72.EXE Created files: %TEMP%\DMR\DMR_72.EXE %TEMP%\DMR\MTXUXQXNNMBRFINN.DAT %PROFILE%\DESKTOP\CHEATBOOK DATABASE – CHIP DOWNLOADER.LNK Detected by UnHackMe: DMR_72.EXE DEFAULT LOCATION: %TEMP%\DMR\DMR_72.EXE Dropper hash(md5): f1991b3839e93a8426c43329947d0f4e UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Continue reading →

Downloader.VB.MCH also known as Win32:Malware-gen, Trojan.Generic.6045424, Trojan/Downloader.VB.pch. Malware Analysis of Downloader.VB.MCH – VBWEBDOWNLOAD.DLL Created files: %LOCAL APPDATA%\MICROSOFT\WINDOWS\HISTORY\HISTORY.IE5\MSHIST012016081620160817\CONTAINER.DAT %TEMP%\ITNERNETIX\SVSHOST.EXE %SYSDIR%\MSINET.OCX %SYSDIR%\VBWEBDOWNLOAD.DLL Autostart registry keys: HKLM\SOFTWARE\CLASSES\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\INPROCSERVER32\: “%SYSDIR%\MSINET.OCX” HKLM\SOFTWARE\CLASSES\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\INPROCSERVER32\: “%SYSDIR%\MSINET.OCX” HKLM\SOFTWARE\CLASSES\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}\INPROCSERVER32\: “%SYSDIR%\MSINET.OCX” HKLM\SOFTWARE\CLASSES\CLSID\{E85A813E-1E57-4801-B7ED-C1DAB87D0CEA}\INPROCSERVER32\: “%SYSDIR%\VBWEBDOWNLOAD.DLL” HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINLOGON: “%TEMP%\ITNERNETIX\SVSHOST.EXE” Detected by UnHackMe: VBWEBDOWNLOAD.DLL Default location: %SYSDIR%\VBWEBDOWNLOAD.DLL Dropper hash(md5): 065ec3f50a8d8cf9496dad1c74a7ba42 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most…

Continue reading →

Downloader.TDK also known as Riskware/OutBrowse, TROJ_GEN.R01TC0OL215, Trojan.Win32.Generic!BT. Malware Analysis of Downloader.TDK – IPCILVU.DLL Created files: %TEMP%\BEEHGEGFBJ.EXE %TEMP%\BEEHGEGFBJ.JBFGEGH %TEMP%\JBFGEGH.ZIP %TEMP%\NSG1A79.TMP\IPCILVU.DLL %TEMP%\NSG1A79.TMP\ZIPDLL.DLL Detected by UnHackMe: IPCILVU.DLL DEFAULT LOCATION: %TEMP%\NSG1A79.TMP\IPCILVU.DLL Dropper hash(md5): 2725e097601a57ca495286ab23351f62 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Continue reading →

not-a-virus:Downloader.SilentInstall also known as PUP.Optional.CheckOffer, Adware.InstallMonetizer.1, PUA/InstallMonetizer.Gen. Malware Analysis of not-a-virus:Downloader.SilentInstall – NSNHTML.DLL Created files: %TEMP%\NSS3777.TMP\NSDIALOGS.DLL %TEMP%\NSS3777.TMP\NSISUNZ.DLL %TEMP%\NSS3777.TMP\NSNHTML.DLL %TEMP%\NSS3777.TMP\OFFERASSETS.ZIP %TEMP%\NSS3777.TMP\REGISTRY.DLL Detected by UnHackMe: NSNHTML.DLL DEFAULT LOCATION: %TEMP%\NSS3777.TMP\NSNHTML.DLL Dropper hash(md5): 8fbbe16ec6234c75b6382b22e3d501bb UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Continue reading →

not-a-virus:Downloader.Win32.Somato.c also known as Application.Bundler.Somoto.V, Win32:Somoto-S [PUP], RDN/Generic PUP.x. Malware Analysis of not-a-virus:Downloader.Win32.Somato.c – SETUPCL.EXE Created files: %TEMP%\ICACHE-04044202.TMP %TEMP%\ILIST-00000000.TMP %TEMP%\NSB27A9.TMP\SETUPCL.EXE Detected by UnHackMe: SETUPCL.EXE DEFAULT LOCATION: %TEMP%\NSB27A9.TMP\SETUPCL.EXE Dropper hash(md5): bde6bf5ae5ea1e98e0fd07446e423a9c UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Continue reading →

Downloader.Agent.Win32.227568 also known as PUP.Optional.Somoto, PUA.Downloader!, Downloader.Agent.r4 (Not a Virus). Malware Analysis of Downloader.Agent.Win32.227568 – SETUPCL.EXE Created files: %TEMP%\ICACHE-04044202.TMP %TEMP%\ILIST-00000000.TMP %TEMP%\NSB27A9.TMP\SETUPCL.EXE Detected by UnHackMe: SETUPCL.EXE DEFAULT LOCATION: %TEMP%\NSB27A9.TMP\SETUPCL.EXE Dropper hash(md5): bde6bf5ae5ea1e98e0fd07446e423a9c UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Continue reading →

Downloader.Agent.r4 (Not a Virus) also known as Downloader.Agent.Win32.227568, Win32/Somoto.YCXONYB, RDN/Generic PUP.x. Malware Analysis of Downloader.Agent.r4 (Not a Virus) – SETUPCL.EXE Created files: %TEMP%\ICACHE-04044202.TMP %TEMP%\ILIST-00000000.TMP %TEMP%\NSB27A9.TMP\SETUPCL.EXE Detected by UnHackMe: SETUPCL.EXE DEFAULT LOCATION: %TEMP%\NSB27A9.TMP\SETUPCL.EXE Dropper hash(md5): bde6bf5ae5ea1e98e0fd07446e423a9c UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

Continue reading →

Downloader.DownloadSponsor also known as PUA.Chipdigita3.Gen, a variant of Win32/DownloadSponsor.C potentially unwanted, Trojan.Generic.17922380. Malware Analysis of Downloader.DownloadSponsor – DMR_72.EXE Created files: %LOCAL APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\JUMPLISTCACHE\ADNAXBZHDQXDCU319_BM9G==.ICO %LOCAL APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\THUMBNAILS\6839C0C5B6617505C3714DF5F7F066F6.PNG %TEMP%\DMR\DMR_72.EXE %TEMP%\DMR\GGKJFSGQBZMWNEGS.DAT %STARTUP%-OLD\DEL_N.CMD Autostart registry keys: HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: “”%Program Files%\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe” –configure-user-settings –verbose-logging –system-level –multi-install –chrome” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: “”%Program Files%\Google\Chrome\Application\52.0.2743.116\Installer\setup.exe” –uninstall –multi-install –chrome –system-level” Detected by UnHackMe: DMR_72.EXE DEFAULT LOCATION: %TEMP%\DMR\DMR_72.EXE…

Continue reading →

Malware Analysis of Downloader.Agent.Win32.293821 – 114841_STP.EXE Created files: %PROFILE%\DESKTOP\CONTINUE SKYPE INSTALLATION.LNK %TEMP%\ICREINSTALL_3A095358065C876FC3F1B46662D677ED.EXE %TEMP%\IS1293689599\114841_STP.EXE %TEMP%\IS1293689599\114841_STP.EXE.PART %TEMP%\ISH84078\CSS\IE6_MAIN.CSS Detected by UnHackMe: 114841_STP.EXE DEFAULT LOCATION: %TEMP%\IS1293689599\114841_STP.EXE Dropper hash(md5): 3a095358065c876fc3f1b46662d677ed UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware,…

Continue reading →

Downloader.FZJ also known as Trojan.OutBrowse.418, PUP/Win32.OutBrowse, Win32:PUP-gen [PUP]. Malware Analysis of Downloader.FZJ – KALLQFCY.DLL Created files: %TEMP%\1430132515.ECHCABFBBFDD %TEMP%\ECHCABFBBFDD.EXE %TEMP%\ECHCABFBBFDD.ZIP %TEMP%\NST399A.TMP\KALLQFCY.DLL %TEMP%\NST399A.TMP\NSISUNZ.DLL Detected by UnHackMe: KALLQFCY.DLL DEFAULT LOCATION: %TEMP%\NST399A.TMP\KALLQFCY.DLL Dropper hash(md5): 003fb2554258b0e3efdab35ac2394fb7 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Continue reading →

Downloader.Generic14.BCIV also known as Adware.Covus.33, BehavesLike.Win32.BadFile.hh, Riskware/DownloadSponsor. Malware Analysis of Downloader.Generic14.BCIV – DMR_72.EXE Created files: %LOCAL APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\JUMPLISTCACHE\ADNAXBZHDQXDCU319_BM9G==.ICO %LOCAL APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\THUMBNAILS\6839C0C5B6617505C3714DF5F7F066F6.PNG %TEMP%\DMR\DMR_72.EXE %TEMP%\DMR\GGKJFSGQBZMWNEGS.DAT %STARTUP%-OLD\DEL_N.CMD Autostart registry keys: HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: “”%Program Files%\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe” –configure-user-settings –verbose-logging –system-level –multi-install –chrome” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: “”%Program Files%\Google\Chrome\Application\52.0.2743.116\Installer\setup.exe” –uninstall –multi-install –chrome –system-level” Detected by UnHackMe: DMR_72.EXE DEFAULT LOCATION: %TEMP%\DMR\DMR_72.EXE Dropper hash(md5): ecf2336494792325250352317b35a2d4 UnHackMe removes…

Continue reading →

Downloader.DownloadSponsor.q also known as Trojan.Generic.17922380, Trojan.Generic.17922380, Downloader.DownloadSponsor. Malware Analysis of Downloader.DownloadSponsor.q – DMR_72.EXE Created files: %LOCAL APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\JUMPLISTCACHE\ADNAXBZHDQXDCU319_BM9G==.ICO %LOCAL APPDATA%\MOZILLA\FIREFOX\PROFILES\J3CZWNGH.DEFAULT\THUMBNAILS\6839C0C5B6617505C3714DF5F7F066F6.PNG %TEMP%\DMR\DMR_72.EXE %TEMP%\DMR\GGKJFSGQBZMWNEGS.DAT %STARTUP%-OLD\DEL_N.CMD Autostart registry keys: HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath: “”%Program Files%\Google\Chrome\Application\52.0.2743.116\Installer\chrmstp.exe” –configure-user-settings –verbose-logging –system-level –multi-install –chrome” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString: “”%Program Files%\Google\Chrome\Application\52.0.2743.116\Installer\setup.exe” –uninstall –multi-install –chrome –system-level” Detected by UnHackMe: DMR_72.EXE DEFAULT LOCATION: %TEMP%\DMR\DMR_72.EXE Dropper hash(md5): ecf2336494792325250352317b35a2d4 UnHackMe removes…

Continue reading →

not-a-virus:Downloader.Win32.Somato.c also known as Trojan.Agent/Gen-Somoto, PUA.Downloader, Application.Bundler.Somoto.V. Malware Analysis of not-a-virus:Downloader.Win32.Somato.c – SETUPCL.EXE Created files: %TEMP%\NSN854F.TMP\SETUPCL.EXE Detected by UnHackMe: SETUPCL.EXE DEFAULT LOCATION: %TEMP%\NSN854F.TMP\SETUPCL.EXE Dropper hash(md5): 814651e80910a5d0ff621b94f8de9d19 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including…

Continue reading →

Downloader.Agent.Win32.227568 also known as Somoto BetterInstaller (PUA), Win32.Adware.Somato.Auto, Troj.Downloader.W32!c. Malware Analysis of Downloader.Agent.Win32.227568 – SETUPCL.EXE Created files: %TEMP%\NSN854F.TMP\SETUPCL.EXE Detected by UnHackMe: SETUPCL.EXE DEFAULT LOCATION: %TEMP%\NSN854F.TMP\SETUPCL.EXE Dropper hash(md5): 814651e80910a5d0ff621b94f8de9d19 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…

Continue reading →

Downloader.Agent.r4 (Not a Virus) also known as a variant of Win32/Somoto.A potentially unwanted, Adware ( 004b8ea81 ), Win32.Adware.Somato.Auto. Malware Analysis of Downloader.Agent.r4 (Not a Virus) – SETUPCL.EXE Created files: %TEMP%\NSN854F.TMP\SETUPCL.EXE Detected by UnHackMe: SETUPCL.EXE DEFAULT LOCATION: %TEMP%\NSN854F.TMP\SETUPCL.EXE Dropper hash(md5): 814651e80910a5d0ff621b94f8de9d19 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…

Continue reading →

Downloader.SXF also known as GrayWare[AdWare]/Win32.OutBrowse.ci, PE:Trojan.Outbrowse!1.A1E2 [F], Trojan.Adware.OutBrowse.9. Malware Analysis of Downloader.SXF – CRZFFDO.DLL Created files: %TEMP%\BEEIFECIIJ.EXE %TEMP%\BEEIFECIIJ.JIICEFI %TEMP%\JIICEFI.ZIP %TEMP%\NSF24BA.TMP\CRZFFDO.DLL %TEMP%\NSF24BA.TMP\ZIPDLL.DLL Detected by UnHackMe: CRZFFDO.DLL DEFAULT LOCATION: %TEMP%\NSF24BA.TMP\CRZFFDO.DLL Dropper hash(md5): 1abe2020be6dedc874e5ea0cf204a2a0 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Continue reading →

Downloader.SYO also known as BehavesLike.Win32.Downloader.ch, Trojan.Generic.15820306, Trojan.Generic.15820306. Malware Analysis of Downloader.SYO – MROYZBN.DLL Created files: %TEMP%\ACFEAI.ZIP %TEMP%\BEECIAEFCA.ACFEAI %TEMP%\BEECIAEFCA.EXE %TEMP%\NSY1F1D.TMP\MROYZBN.DLL %TEMP%\NSY1F1D.TMP\ZIPDLL.DLL Detected by UnHackMe: MROYZBN.DLL DEFAULT LOCATION: %TEMP%\NSY1F1D.TMP\MROYZBN.DLL Dropper hash(md5): 1d369e3aa1a214741ae29084c17e0389 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Continue reading →

Downloader.TGX also known as Generic PUA AL (PUA), PUP/Win32.OutBrowse. Malware Analysis of Downloader.TGX – BRLZLQK.DLL Created files: %TEMP%\BEECGJGFCA.ACFG %TEMP%\BEECGJGFCA.EXE %TEMP%\NSM34E7.TMP\BRLZLQK.DLL %TEMP%\NSM34E7.TMP\ZIPDLL.DLL %STARTUP%-OLD\DEL_N.CMD Detected by UnHackMe: BRLZLQK.DLL DEFAULT LOCATION: %TEMP%\NSM34E7.TMP\BRLZLQK.DLL Dropper hash(md5): 3e46cd501929d411222ecabb3a6d64a3 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading →