DeepScan:Generic.Keylogger.2.18DDDA29
DeepScan:Generic.Keylogger.2.18DDDA29 is also known as Worm.Win32.AutoRun!O, Worm.Win32.AutoRun.cdlp, TrojWare.Win32.Cosmu.BHL.

Malware Analysis of DeepScan:Generic.Keylogger.2.18DDDA29 – X0HLNJ7WQKCX.EXE

Created files:
%Appdata%\data.dat
%Appdata%\Thing.exe
%Temp%\X0HLNJ7WQKCX.exe

Autostart registry keys:
HKLM\Software\Microsoft\Active Setup\Installed Components\{DE7D1BF1-8CC3-43AC-D7EB-4ED2EAA0CE2A}\StubPath: “%Appdata%\Thing.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\run\BoooooNiger: “%Appdata%\Thing.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BoooooNiger: “%Appdata%\Thing.exe”
HKCU\Software\Microsoft\Active Setup\Installed Components\{DE7D1BF1-8CC3-43AC-D7EB-4ED2EAA0CE2A}\StubPath: “%Appdata%\Thing.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BoooooNiger: “%Appdata%\Thing.exe”

Detected by UnHackMe: X0HLNJ7WQKCX.EXE
Default location: %TEMP%\X0HLNJ7WQKCX.EXE
Dropper hash (MD5): c5fba39eeacb7c0a920d8deff047427e

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…