Category Archives: malware

Artemis!C6023B7AAB71

Artemis!C6023B7AAB71 also known as Adware.GenericKDCRTD.Win32.6052, a variant of Win32/Softcnapp.I potentially unwanted, W32.HfsAdware.2312.

Malware Analysis of Artemis!C6023B7AAB71 – SCPLUGIN.DLL

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlan.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlugin.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCPower32.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCPower64.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe…


Win32.Application.Agent.YEU2PC

Win32.Application.Agent.YEU2PC also known as Trojan.Win32.Crypted.dxxrkh, Win32:Adware-gen [Adw], Adware.Softcnapp.23.

Malware Analysis of Win32.Application.Agent.YEU2PC – SETUP_ZNYKB050.EXE

Created files:
%APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL
%APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE
%APPDATA%\SETUP_ZNYKB050.EXE
%APPDATA%\YX_YXS_AB.EXE
%APPDATA%\?A?E?A.ICO

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll”…


Application.Win32.BrowseFox.gblqz

Application.Win32.BrowseFox.gblqz also known as Trojan.Generic.D47C7D9, Trojan.GenericKD.4704217 (B), Generic PUA LL (PUA).

Malware Analysis of Application.Win32.BrowseFox.gblqz – SCMUTUAL.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlan.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlugin.dll

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”…


Artemis!52B99F2537DD

Artemis!52B99F2537DD also known as Adware ( 004dd5ca1 ), TROJ_GEN.R01BC0OAG17, Trojan.Gen.2.

Malware Analysis of Artemis!52B99F2537DD – SCTOOL.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCService.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCSkinInst.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCTool.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCUninst.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCUpd.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\:…


PUA.Softcnapp

PUA.Softcnapp also known as Artemis!C6023B7AAB71, Adware.GenericKDCRTD.Win32.6052, W32.HfsAdware.2312.

Malware Analysis of PUA.Softcnapp – SCPLUGIN.DLL

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlan.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlugin.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCPower32.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCPower64.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…


Artemis!9938207F09B4

Artemis!9938207F09B4 also known as Artemis, a variant of Win32/Softcnapp.J potentially unwanted.

Malware Analysis of Artemis!9938207F09B4 – SETUP_ZNYKB050.EXE

Created files:
%APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL
%APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE
%APPDATA%\SETUP_ZNYKB050.EXE
%APPDATA%\YX_YXS_AB.EXE
%APPDATA%\?A?E?A.ICO

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…


Riskware ( 004de3861 )

Riskware ( 004de3861 ) also known as Artemis!1593D23EA644, Pua.Youxun.

Malware Analysis of Riskware ( 004de3861 ) – YOUWO.EXE

Created files:
%Program Files%\YouXunBox\xldl.dll
%Program Files%\YouXunBox\youwo.dmp
%Program Files%\YouXunBox\youwo.exe
%Program Files%\YouXunBox\youwopc.exe
%Program Files%\YouXunBox\youwosj.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe…


Artemis!1593D23EA644

Artemis!1593D23EA644 also known as PUA.YouXun, Artemis!PUP, Riskware ( 004de3861 ).

Malware Analysis of Artemis!1593D23EA644 – YOUWO.EXE

Created files:
%Program Files%\YouXunBox\xldl.dll
%Program Files%\YouXunBox\youwo.dmp
%Program Files%\YouXunBox\youwo.exe
%Program Files%\YouXunBox\youwopc.exe
%Program Files%\YouXunBox\youwosj.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\:…


Win32.Application.Agent.J7EPAU

Win32.Application.Agent.J7EPAU also known as Win32:Adware-gen [Adw], Trojan.Gen.2, Adware.GenericKDCRTD.Win32.6052.

Malware Analysis of Win32.Application.Agent.J7EPAU – SCTOOL.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCService.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCSkinInst.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCTool.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCUninst.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCUpd.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”…


Artemis!D641DA72446C

Artemis!D641DA72446C also known as Artemis!PUP, Trojan.Win32.Generic!BT, Trojan.Gen.2.

Malware Analysis of Artemis!D641DA72446C – YX_YXS_AB.EXE

Created files:
%APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE
%APPDATA%\SETUP_ZNYKB050.EXE
%APPDATA%\YX_YXS_AB.EXE
%APPDATA%\?A?E?A.ICO
%PROFILE%\DESKTOP\360????.LNK

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll”
HKLM\Software\Classes\CLSID\{10AFB451-4816-48A1-8DDD-0F9595EB9F67}\InProcServer32\: “%Program…


Artemis!1B3EE3F64FF3

Artemis!1B3EE3F64FF3 also known as Riskware/Softcnapp, W32.Adware.Gen, Trojan.Win32.Generic!BT.

Malware Analysis of Artemis!1B3EE3F64FF3 – SCMINI.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…


Riskware/AdGazelle

Riskware/AdGazelle also known as PUP/Win32.Agent, Trojan.Win32.Generic!BT, TROJ_GEN.R0C1H09CF15.

Malware Analysis of Riskware/AdGazelle – __0697961455D745598AEBE96EC4857809.DLL

Created files:
%TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP
%TEMP%\NSREA12.TMP\SYSTEM.DLL
%TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL

Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL
DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL
Dropper hash(md5): 17524b3120668319761f26b13ce4c7ba


TR/Razy.yrfkc

TR/Razy.yrfkc also known as Trojan.ChinAd, Trojan ( 0001140e1 ), Uds.Dangerousobject.Multi!c.

Malware Analysis of TR/Razy.yrfkc – KP_25204.EXE

Created files:
%APPDATA%\IQIYI VIDEO\PSTYLE\WEBCACHE\8\WEBPAGE.HTML
%APPDATA%\IQIYISETUP_QUDAO@KB133.EXE
%APPDATA%\KP_25204.EXE
%APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL
%APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…


Malware.Heuristic!ET#86% (rdm+)

Malware Analysis of Malware.Heuristic!ET#86% (rdm+) – VMSAFERYLMFZEZ30.EXE

Created files:
%TEMP%\UXASGVHKJVCWYASB.TMP
%TEMP%\UXKEYUMNWIQOGBCS.TMP
%TEMP%\VECTRBFLDNTGUXHH\VMSAFERYLMFZEZ30.EXE
%TEMP%\VQGHIDDJEGFNBOTQ.TMP
%TEMP%\VTLFGLJCMPNKLJRA\{9310504F-D19B-44F6-96A2-A487D573794F}.TMP

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll”
HKLM\Software\Classes\CLSID\{10AFB451-4816-48A1-8DDD-0F9595EB9F67}\InProcServer32\: “%Program Files%\360\360Safe\Utils\npaxlogin.dll”
HKLM\SOFTWARE\CLASSES\CLSID\{12793398-A212-446F-BA1E-1F1B5ABDB89C}\SHELL\OPEN\COMMAND\: “%SYSTEMROOT%\EXPLORER.EXE %SYSTEMDRIVE%\”
HKLM\Software\Classes\CLSID\{12793398-A212-446F-BA1E-1F1B5ABDB89C}\InprocServer32\: “%Program…


PUA.AdGazelle

PUA.AdGazelle also known as PUP/Win32.Agent, a variant of Win32/AdGazelle.D potentially unwanted, Trojan.Win32.Generic!BT.

Malware Analysis of PUA.AdGazelle – __0697961455D745598AEBE96EC4857809.DLL

Created files:
%TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP
%TEMP%\NSREA12.TMP\SYSTEM.DLL
%TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL

Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL
DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL
Dropper hash(md5): 17524b3120668319761f26b13ce4c7ba


Win32.Application.Agent.1273BK

Win32.Application.Agent.1273BK also known as Adware.GenericKDCRTD.Win32.6052, Adware ( 004dd5ca1 ).

Malware Analysis of Win32.Application.Agent.1273BK – SCMINI.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program…


Riskware.Win32.YouXun.eloycv

Riskware.Win32.YouXun.eloycv also known as Riskware ( 004de7e01 ), Trojan.Gen.2, Trojan.Win32.Generic!BT.

Malware Analysis of Riskware.Win32.YouXun.eloycv – YX_YXS_AB.EXE

Created files:
%APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE
%APPDATA%\SETUP_ZNYKB050.EXE
%APPDATA%\YX_YXS_AB.EXE
%APPDATA%\?A?E?A.ICO
%PROFILE%\DESKTOP\360????.LNK

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI…


Artemis!BB0563DD3D60

Artemis!BB0563DD3D60 also known as Trojan.Win32.Generic!BT, Trojan.GenericKD.2231884 (B), Riskware.Win32.AdGazelle.dpigvd.

Malware Analysis of Artemis!BB0563DD3D60 – __0697961455D745598AEBE96EC4857809.DLL

Created files:
%TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP
%TEMP%\NSREA12.TMP\SYSTEM.DLL
%TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL

Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL
DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL
Dropper hash(md5): 17524b3120668319761f26b13ce4c7ba


HW32.Packed.9273

HW32.Packed.9273 also known as SScope.Adware.Outbrowse, DLOADER.Trojan, malicious (moderate confidence).

Malware Analysis of HW32.Packed.9273 – MEMEZHIBO_RIA_TG2_SILENT_2.EXE

Created files:
%APPDATA%\KP_25204.EXE
%APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL
%APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE
%APPDATA%\SETUP_ZNYKB050.EXE
%APPDATA%\YX_YXS_AB.EXE

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI…


Riskware.Win32.AdGazelle.dpigvd

Riskware.Win32.AdGazelle.dpigvd also known as a variant of Win32/AdGazelle.D potentially unwanted, Riskware/AdGazelle, PUP/Win32.Agent.

Malware Analysis of Riskware.Win32.AdGazelle.dpigvd – __0697961455D745598AEBE96EC4857809.DLL

Created files:
%TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP
%TEMP%\NSREA12.TMP\SYSTEM.DLL
%TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL

Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL
DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL
Dropper hash(md5): 17524b3120668319761f26b13ce4c7ba


a variant of Win32/Softcnapp.I potentially unwanted

a variant of Win32/Softcnapp.I potentially unwanted also known as Adware.GenericKD.4588278, Adware.Softcnapp.701984.A[h], Adware.GenericKD.4588278.

Malware Analysis of a variant of Win32/Softcnapp.I potentially unwanted – SCCLOUD.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
%Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”…


PUA.Win32.AdGazelle.D

PUA.Win32.AdGazelle.D also known as PUA.AdGazelle, Riskware.Win32.AdGazelle.dpigvd, TROJ_GEN.R0C1H09CF15.

Malware Analysis of PUA.Win32.AdGazelle.D – __0697961455D745598AEBE96EC4857809.DLL

Created files:
%TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP
%TEMP%\NSREA12.TMP\SYSTEM.DLL
%TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL

Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL
DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL
Dropper hash(md5): 17524b3120668319761f26b13ce4c7ba


Win32.Application.Agent.168VNT

Win32.Application.Agent.168VNT also known as Trojan.GenericKD.4704217 (B), Adware.GenericKDCRTD.Win32.6052, Trojan.Win32.Generic!BT.

Malware Analysis of Win32.Application.Agent.168VNT – SCMUTUAL.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlan.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlugin.dll

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”…


Pua.Youxun

Pua.Youxun, also known as Riskware ( 004de3861 ), Generic PUA LH (PUA).

Malware Analysis of Pua.Youxun – YOUWO.EXE

Created files:
%Program Files%\YouXunBox\xldl.dll
%Program Files%\YouXunBox\youwo.dmp
%Program Files%\YouXunBox\youwo.exe
%Program Files%\YouXunBox\youwopc.exe
%Program Files%\YouXunBox\youwosj.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\:…


malicious_confidence_71% (W)

malicious_confidence_71% (W), also known as W32.Trojan.Gen, Win.Trojan.Agent-5404323-0, Trojan.Win32.Generic!BT.

Malware Analysis of malicious_confidence_71% (W) – KP_25204.EXE

Created files:
%APPDATA%\IQIYI VIDEO\PSTYLE\WEBCACHE\8\WEBPAGE.HTML
%APPDATA%\IQIYISETUP_QUDAO@KB133.EXE
%APPDATA%\KP_25204.EXE
%APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL
%APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program…


a variant of Win32/Softcnapp.E potentially unwanted

a variant of Win32/Softcnapp.E potentially unwanted, also known as W32.HfsAdware.2312, Malicious, malicious_confidence_69% (D).

Malware Analysis of a variant of Win32/Softcnapp.E potentially unwanted – SCMUTUAL.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlan.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlugin.dll

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe…


a variant of Win32/AdGazelle.D potentially unwanted

a variant of Win32/AdGazelle.D potentially unwanted, also known as PUA.Win32.AdGazelle.D, Trojan.GenericKD.2231884, Trojan.Win32.Generic!BT.

Malware Analysis of a variant of Win32/AdGazelle.D potentially unwanted – __0697961455D745598AEBE96EC4857809.DLL

Created files:
%TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP
%TEMP%\NSREA12.TMP\SYSTEM.DLL
%TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL

Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL
Default location: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL
Dropper hash (MD5): 17524b3120668319761f26b13ce4c7ba


Artemis!BA8C7237650D

Artemis!BA8C7237650D, also known as malicious_confidence_69% (D), Win32:Adware-gen [Adw], Adware.Softcnapp.701984.A[h].

Malware Analysis of Artemis!BA8C7237650D – SCCLOUD.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
%Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program…


Artemis!C9293FE33533

Artemis!C9293FE33533, also known as Adware.Softcnapp.1050144.B[h], Adware ( 004dd5ca1 ), Trojan.Win32.Generic!BT.

Malware Analysis of Artemis!C9293FE33533 – SCMUTUAL.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlan.dll
%Program Files%\SmartCloudInput\1.0.6.1224\SCPlugin.dll

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\:…


PUP.BrowseFox/Variant

PUP.BrowseFox/Variant, also known as TROJ_GEN.R00XC0OAR17, Riskware/Softcnapp, Win32:Adware-gen [Adw].

Malware Analysis of PUP.BrowseFox/Variant – SCMBMANAGER.EXE

Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe

Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”…

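Added worked example (my own code, not a tool from this archive or from UnHackMe): a Python parser that turns the flattened "Created files / Autostart registry keys / Dropper hash" excerpt format used throughout this page into structured IOCs, then intersects the registry blocks across samples so the entries that repeat under every detection name can be set aside as environment baseline. The four excerpts embedded in it are copied from this page and shortened, so they are constructed input; the `nsis-plugin-dir` tag is my reading of the %TEMP%\ns*.tmp\ paths, not something the page states.

```python
"""Parse this page's flattened malware-archive excerpts into IOCs and separate the
registry block that repeats under every sample (sandbox baseline) from the rest."""
import re
from collections import Counter

# Constructed input: four excerpts copied from this page and shortened. Each still ends
# where the page truncates it ("…"), so the parser must tolerate a cut-off last entry.
EXCERPTS = {
    "PUA.Win32.AdGazelle.D": (
        r"Created files: %TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP %TEMP%\NSREA12.TMP\SYSTEM.DLL "
        r"%TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL "
        r"Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL "
        r"DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL "
        r"Dropper hash(md5): 17524b3120668319761f26b13ce4c7ba Share This: UnHackMe removes malware…"
    ),
    "Win32.Application.Agent.168VNT": (
        r"Created files: %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe "
        r"%Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe "
        r"Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” "
        r"HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” "
        r"HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” "
        r"HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program…"
    ),
    "Artemis!C9293FE33533": (
        r"Created files: %Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe "
        r"%Program Files%\SmartCloudInput\1.0.6.1224\SCPlan.dll "
        r"Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” "
        r"HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” "
        r"HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” "
        r"HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\:…"
    ),
    "malicious_confidence_71% (W)": (
        r"Created files: %APPDATA%\IQIYI VIDEO\PSTYLE\WEBCACHE\8\WEBPAGE.HTML %APPDATA%\KP_25204.EXE "
        r"%APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL "
        r"Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” "
        r"HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” "
        r"HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” "
        r"HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program…"
    ),
}

# Whitespace that sits right before the next %VAR%\ path (paths themselves may contain spaces).
PATH_BOUNDARY = re.compile(r"\s+(?=%[^%\s][^%]*%\\)")
# KEY: “VALUE” with curly or straight quotes; “”X”” (a quoted path value) collapses to X.
REG_ENTRY = re.compile(r"(HK\S+?):\s*[“”\"]+([^“”\"]*)[“”\"]+(?=\s|$)")
# %TEMP%\ns<random>.tmp\ is where an NSIS installer unpacks its plugins (my interpretation).
NSIS_PLUGIN_DIR = re.compile(r"^%TEMP%\\ns[^\\]+\.tmp\\", re.IGNORECASE)


def section(text, start, ends):
    """Text between `start` and the earliest of `ends`, or to the end of the excerpt."""
    i = text.find(start)
    if i < 0:
        return ""
    i += len(start)
    stops = [j for j in (text.find(e, i) for e in ends) if j >= 0]
    return text[i:min(stops)] if stops else text[i:]


def parse_paths(blob):
    blob = blob.strip()
    return [p.strip() for p in PATH_BOUNDARY.split(blob)] if blob else []


def parse_registry(blob):
    # A truncated final entry has no closing quote, fails to match and is dropped.
    return {m.group(1): m.group(2) for m in REG_ENTRY.finditer(blob)}


def parse_excerpt(text):
    md5 = re.search(r"Dropper hash\(md5\):\s*([0-9a-fA-F]{32})", text)
    return {
        "files": parse_paths(section(text, "Created files:",
                                     ["Autostart registry keys:", "Detected by UnHackMe:", "Dropper hash"])),
        "registry": parse_registry(section(text, "Autostart registry keys:",
                                           ["Detected by UnHackMe:", "Dropper hash", "Share This:"])),
        "md5": md5.group(1).lower() if md5 else None,
    }


def classify_path(path):
    """Tag a dropped path by where it lives; the NSIS temp dir is renamed per run, so it is a weak IOC."""
    if NSIS_PLUGIN_DIR.match(path):
        return "nsis-plugin-dir"
    head = path.split("\\", 1)[0].upper()
    return {"%PROGRAM FILES%": "program-files", "%APPDATA%": "appdata"}.get(head, "other")


def parse_all(excerpts):
    return {name: parse_excerpt(text) for name, text in excerpts.items()}


def baseline_registry(samples):
    """Registry keys present in every sample that has a registry block at all."""
    sets = [set(s["registry"]) for s in samples.values() if s["registry"]]
    return set.intersection(*sets) if sets else set()


def sample_specific_registry(samples):
    base = baseline_registry(samples)
    return {n: {k: v for k, v in s["registry"].items() if k not in base} for n, s in samples.items()}


def shared_files(samples):
    """Dropped paths seen under more than one detection name: one family, several scanner labels."""
    counts = Counter(p for s in samples.values() for p in s["files"])
    return {p: n for p, n in counts.items() if n > 1}


if __name__ == "__main__":
    samples = parse_all(EXCERPTS)
    for name, s in samples.items():
        print(name, "md5:", s["md5"], "registry keys beyond baseline:", sample_specific_registry(samples)[name])
        for p in s["files"]:
            print("   ", classify_path(p), p)
    print("baseline registry keys ignored:", len(baseline_registry(samples)))
    print("files shared across detection names:", shared_files(samples))
```

Run it directly to print the per-sample IOCs. On these inputs every parsed registry key falls into the baseline set and no sample keeps any of its own, which is the point of the caveat above: only the file paths distinguish the samples, and SCMutual.exe surfaces under two different detection names, the usual signal that several scanners are labelling one installer family.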
