Category Archives: malware

a variant of Win32/Rising.B potentially unwanted

malware No Comments

a variant of Win32/Rising.B potentially unwanted also known as Backdoor.Xyligan, Artemis!66233F5FFCFF, Riskware.Agent!. Malware Analysis of a variant of Win32/Rising.B potentially unwanted – INS1256858.EXE Created files: %COMMON APPDATA%\RISING\RAC\RAV.INI %TEMP%\DD5F92973F5A145EF5DA0F32B5E0A39A.JSON %TEMP%\INS1256858.EXE.LOG %TEMP%\NSSD2D1.TMP\1.RAR %TEMP%\NSSD2D1.TMP\9377MYCS_Y_MGAZ2_01.EXE Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: “”%Program Files%\Rising\RSD\popwndexe.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: “Rising Software Deployment System” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: “”%Program Files%\Rising\RSD\Setup.exe” /UNINSTALL /PRODUCT=RSD” HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: “\??\%SYSDIR%\DRIVERS\PROTREG.SYS” HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: “rsd protect” HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: “”%Program Files%\Rising\RSD\RsMgrSvc.exe””…

Continue reading

W32.Gen.BT

malware No Comments

W32.Gen.BT also known as UDS:DangerousObject.Multi.Generic, Backdoor:Win32/Zegost.AD!bit, Trojan.GenericKD.4564741. Malware Analysis of W32.Gen.BT – UPDATE.COM Created files: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP %SYSTEMDRIVE%\UPDATE.COM %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: “%SYSTEMDRIVE%\UPDATE.COM” HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: “Cdefgh Jklmnopq Stuvwxya Cdef” Detected by UnHackMe: UPDATE.COM DEFAULT LOCATION: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP Dropper hash(md5): 09d50103a5a653680bb5e1b201b76f4d UnHackMe removes malware invisible for your…

Continue reading

MSIL/Injecto.58E1!tr

malware No Comments

MSIL/Injecto.58E1!tr also known as Trojan.Generic.20310542, HEUR:Trojan.Win32.Generic, Win32:Malware-gen. Malware Analysis of MSIL/Injecto.58E1!tr – X0IJ2L.EXE Created files: %SYSDIR%\62631.NLS %SYSDIR%\X0IJ2L.EXE Detected by UnHackMe: X0IJ2L.EXE Default location: %SYSDIR%\X0IJ2L.EXE Dropper hash(md5): 124848b137a9763a1400aeebed295255 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

Continue reading

HEUR/QVM39.1.3A53.Malware.Gen

malware No Comments

HEUR/QVM39.1.3A53.Malware.Gen also known as Malware.Heuristic!ET#93% (rdm+) , malicious_confidence_87% (D), TrojWare.Win32.Kryptik.ATA. Malware Analysis of HEUR/QVM39.1.3A53.Malware.Gen – TMD625.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: TMD625.DLL Default location: %SYSDIR%\TMD625.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Continue reading

Gen:Variant.Symmi.14354 (B)

malware No Comments

Gen:Variant.Symmi.14354 (B) also known as Trojan ( 0040ed1c1 ), malicious_confidence_100% (D), TROJ_GEN.R0E3C0DAD17. Malware Analysis of Gen:Variant.Symmi.14354 (B) – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Continue reading

PUA.Wews87!8.642 (cloud:8AaTlPhNa1R)

malware No Comments

PUA.Wews87!8.642 (cloud:8AaTlPhNa1R) also known as a variant of Win32/Wews87.A potentially unwanted, Win32.Application.Agent.LED4GR. Malware Analysis of PUA.Wews87!8.642 (cloud:8AaTlPhNa1R) – YX_DTS.EXE Created files: %TEMP%\NSSD2D1.TMP\SYSTEM.DLL %TEMP%\NSSD2D1.TMP\UCBROWSER_V3.1.1644.29_4443_(BUILD14102814)_DOWNLOADER.EXE %TEMP%\NSSD2D1.TMP\YX_DTS.EXE %TEMP%\NSX1004.TMP\BG.BMP %TEMP%\NSX1004.TMP\BGWORKER.DLL Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: “”%Program Files%\Rising\RSD\popwndexe.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: “Rising Software Deployment System” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: “”%Program Files%\Rising\RSD\Setup.exe” /UNINSTALL /PRODUCT=RSD” HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: “\??\%SYSDIR%\DRIVERS\PROTREG.SYS” HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: “rsd protect” HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: “”%Program Files%\Rising\RSD\RsMgrSvc.exe”” HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName: “Rsd Service” HKLM\System\CurrentControlSet\services\sysmon\ImagePath: “system32\DRIVERS\sysmon.sys”…

Continue reading

PSW.OnlineGames4.BOKM

malware No Comments

PSW.OnlineGames4.BOKM also known as pws.win32.zakahic.a, Win32.Trojan.Gamepass.Peqg, Gen:Variant.Symmi.14354. Malware Analysis of PSW.OnlineGames4.BOKM – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…

Continue reading

Application.AdLink (A)

malware No Comments

Application.AdLink (A) also known as RDN/Generic PUP.x, Riskware.Win32.Linkury.emdsvy, Adware.Linkury.44544[h]. Malware Analysis of Application.AdLink (A) – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 UnHackMe removes malware invisible for your antivirus!…

Continue reading

a variant of Win32/Injector.CJVZ

malware No Comments

a variant of Win32/Injector.CJVZ also known as virus.win32.sality.at, Trojan/Win32.Zegost.R196288, Malware.Generic.5!tfe (cloud:Ko7kIYCm03R) . Malware Analysis of a variant of Win32/Injector.CJVZ – UPDATE.COM Created files: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP %SYSTEMDRIVE%\UPDATE.COM %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: “%SYSTEMDRIVE%\UPDATE.COM” HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: “Cdefgh Jklmnopq Stuvwxya Cdef” Detected by UnHackMe: UPDATE.COM DEFAULT LOCATION: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP Dropper…

Continue reading

W32/Generic.AC.3D73A8!tr

malware No Comments

W32/Generic.AC.3D73A8!tr also known as Trojan.Win32.Swizzor.1!O, Ransom.Locky, Trojan.Generic.D45A705. Malware Analysis of W32/Generic.AC.3D73A8!tr – UPDATE.COM Created files: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP %SYSTEMDRIVE%\UPDATE.COM %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: “%SYSTEMDRIVE%\UPDATE.COM” HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: “Cdefgh Jklmnopq Stuvwxya Cdef” Detected by UnHackMe: UPDATE.COM DEFAULT LOCATION: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP Dropper hash(md5): 09d50103a5a653680bb5e1b201b76f4d UnHackMe removes malware invisible for your…

Continue reading

Application.MSIL.Linkury.~BI

malware No Comments

Application.MSIL.Linkury.~BI also known as PUP/Win32.Linkury.R196393, not-a-virus:HEUR:WebToolbar.Win32.Linkury.gen, TROJ_GEN.R01BC0ECB17. Malware Analysis of Application.MSIL.Linkury.~BI – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

Continue reading

BrowserModifier:Win32/CNNIC

malware No Comments

BrowserModifier:Win32/CNNIC also known as Adware.Cdnup.A, Adware.Win32.Cdnup.avu, Trojan.Win32.Pakes.lmb. Malware Analysis of BrowserModifier:Win32/CNNIC – SETUP-REAL.EXE Created files: %TEMP%\~RNSETUP\CLNTXRES.DLL %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL Autostart registry keys: HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: “%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll” Detected by UnHackMe: SETUP-REAL.EXE DEFAULT LOCATION: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE Dropper hash(md5): 115953246b798695c685478ca4497e9a UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Continue reading

Riskware.Win32.Linkury.emdsvy

malware No Comments

Riskware.Win32.Linkury.emdsvy also known as MSIL.Application.Linkury.O, TROJ_GEN.R01BC0ECB17, malicious_confidence_77% (D). Malware Analysis of Riskware.Win32.Linkury.emdsvy – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 UnHackMe removes malware invisible for your antivirus! UnHackMe is…

Continue reading

PUP/Win32.Linkury.R196393

malware No Comments

PUP/Win32.Linkury.R196393 also known as W32.Adware.Gen, RiskWare[WebToolbar]/Win32.Linkury, Application.AdLink (A). Malware Analysis of PUP/Win32.Linkury.R196393 – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 UnHackMe removes malware invisible for your antivirus! UnHackMe is…

Continue reading

Artemis!329AFF38DD87

malware No Comments

Artemis!329AFF38DD87 also known as Win32.Application.Agent.KIWYS7, a variant of Win32/OutBrowse.BZ potentially unwanted, PUA.FlashBeat. Malware Analysis of Artemis!329AFF38DD87 – BEEHEIEEHD.EXE Created files: %TEMP%\WER3E9D.TMP.MDMP %TEMP%\WERF44E.TMP.WERINTERNALMETADATA.XML %TEMP%\BEEHEIEEHD.EXE %TEMP%\ICACHE-04044202.TMP %TEMP%\ILIST-00000000.TMP Detected by UnHackMe: BEEHEIEEHD.EXE DEFAULT LOCATION: %TEMP%\BEEHEIEEHD.EXE Dropper hash(md5): 13e7265d2b37bef83f1b618ae607d177 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

Continue reading

Ransom.SageLocker

malware No Comments

Ransom.SageLocker also known as GenericR-JLF!12C6A555B5DD, Win32/Trojan.Ransom.b1f, Trojan-Ransom.Win32.SageCrypt.asr. Malware Analysis of Ransom.SageLocker – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Continue reading

Ransom_Milicry.R023C0CCN17

malware No Comments

Ransom_Milicry.R023C0CCN17 also known as Ransom.Cry, Trojan.Win32.Z.Agent.458496.A[h], Trojan ( 004f76a01 ). Malware Analysis of Ransom_Milicry.R023C0CCN17 – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Continue reading

a variant of MSIL/Toolbar.Linkury.BI potentially unwanted

malware No Comments

a variant of MSIL/Toolbar.Linkury.BI potentially unwanted also known as Linkury.EVD, Win32/Virus.WebToolbar.d32. Malware Analysis of a variant of MSIL/Toolbar.Linkury.BI potentially unwanted – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 UnHackMe…

Continue reading

Generic.awn

malware No Comments

Generic.awn also known as TROJ_GEN.R02PC0DAH17, Trojan/MSIL.Packed.Confuser.P, Trojan.MSIL.Crypt. Malware Analysis of Generic.awn – X0IJ2L.EXE Created files: %SYSDIR%\62631.NLS %SYSDIR%\X0IJ2L.EXE Detected by UnHackMe: X0IJ2L.EXE Default location: %SYSDIR%\X0IJ2L.EXE Dropper hash(md5): 124848b137a9763a1400aeebed295255 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

Continue reading

a variant of Win32/PSW.OnLineGames.QEJ

malware No Comments

a variant of Win32/PSW.OnLineGames.QEJ also known as Gen:Variant.Symmi.14354, Gen:Variant.Symmi.14354, HEUR:Trojan.Win32.Generic. Malware Analysis of a variant of Win32/PSW.OnLineGames.QEJ – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Continue reading

Artemis!09D50103A5A6

malware No Comments

Artemis!09D50103A5A6 also known as Trojan.GenericKD.4564741, Generic_r.RBI, malicious_confidence_67% (W). Malware Analysis of Artemis!09D50103A5A6 – UPDATE.COM Created files: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP %SYSTEMDRIVE%\UPDATE.COM %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: “%SYSTEMDRIVE%\UPDATE.COM” HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: “Cdefgh Jklmnopq Stuvwxya Cdef” Detected by UnHackMe: UPDATE.COM DEFAULT LOCATION: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP Dropper hash(md5): 09d50103a5a653680bb5e1b201b76f4d UnHackMe removes malware invisible for…

Continue reading

TR/AD.Zegost.jthbh

malware No Comments

TR/AD.Zegost.jthbh also known as UDS:DangerousObject.Multi.Generic, Trojan.GenericKD.4564741 (B), Trojan.Win32.Swizzor.1!O. Malware Analysis of TR/AD.Zegost.jthbh – UPDATE.COM Created files: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP %SYSTEMDRIVE%\UPDATE.COM %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: “%SYSTEMDRIVE%\UPDATE.COM” HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: “Cdefgh Jklmnopq Stuvwxya Cdef” Detected by UnHackMe: UPDATE.COM DEFAULT LOCATION: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP Dropper hash(md5): 09d50103a5a653680bb5e1b201b76f4d UnHackMe removes malware invisible for…

Continue reading

W32/SageCrypt.ASR!tr

malware No Comments

W32/SageCrypt.ASR!tr also known as Win32.Trojan.Sagecrypt.Dygs, TR/Crypt.Xpack.ykxwa, malicious (moderate confidence). Malware Analysis of W32/SageCrypt.ASR!tr – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading

Artemis!D3F054DE4C81

malware No Comments

Artemis!D3F054DE4C81 also known as Win32.Trojan.Falsesign.Wtdg, not-a-virus:AdWare.Win32.Wews87.rg, Win32.Application.Agent.LED4GR. Malware Analysis of Artemis!D3F054DE4C81 – YX_DTS.EXE Created files: %TEMP%\NSSD2D1.TMP\SYSTEM.DLL %TEMP%\NSSD2D1.TMP\UCBROWSER_V3.1.1644.29_4443_(BUILD14102814)_DOWNLOADER.EXE %TEMP%\NSSD2D1.TMP\YX_DTS.EXE %TEMP%\NSX1004.TMP\BG.BMP %TEMP%\NSX1004.TMP\BGWORKER.DLL Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: “”%Program Files%\Rising\RSD\popwndexe.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: “Rising Software Deployment System” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: “”%Program Files%\Rising\RSD\Setup.exe” /UNINSTALL /PRODUCT=RSD” HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: “\??\%SYSDIR%\DRIVERS\PROTREG.SYS” HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: “rsd protect” HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: “”%Program Files%\Rising\RSD\RsMgrSvc.exe”” HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName: “Rsd Service” HKLM\System\CurrentControlSet\services\sysmon\ImagePath: “system32\DRIVERS\sysmon.sys” HKLM\System\CurrentControlSet\services\sysmon\DisplayName: “sysmon” HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PPTASSIST\UNINSTALLSTRING: “%LOCAL APPDATA%\PPTASSIST\UTILITY\UNINST.EXE” HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PPTAssist\DisplayName:…

Continue reading

Atros5.RXZ

malware No Comments

Atros5.RXZ also known as Ransom.Milicry, Trojan[Ransom]/Win32.SageCrypt, Trojan ( 004f76a01 ). Malware Analysis of Atros5.RXZ – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Continue reading

Gen:Variant.Symmi.14354

malware No Comments

Gen:Variant.Symmi.14354 also known as Gen:Variant.Symmi.14354 (B), Artemis!4A8EF5BB1F0E, Trojan ( 0040ed1c1 ). Malware Analysis of Gen:Variant.Symmi.14354 – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Continue reading

BehavesLike.Win32.PWSGamania.cc

malware No Comments

BehavesLike.Win32.PWSGamania.cc also known as Trojan.Gen, W32/Onlinegames.QTX!tr.pws. Malware Analysis of BehavesLike.Win32.PWSGamania.cc – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

Continue reading

Malware.Heuristic!ET#93% (rdm+)

malware No Comments

Malware.Heuristic!ET#93% (rdm+) also known as static engine – malicious, malicious_confidence_87% (D), Win32.Trojan.WisdomEyes.16070401.9500.9999. Malware Analysis of Malware.Heuristic!ET#93% (rdm+) – TMD625.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: TMD625.DLL Default location: %SYSDIR%\TMD625.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Continue reading

W32/Zuten.C.gen!Eldorado

malware No Comments

W32/Zuten.C.gen!Eldorado also known as Trojan.Gen, Trojan ( 0040ed1c1 ), Gen:Variant.Symmi.14354. Malware Analysis of W32/Zuten.C.gen!Eldorado – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Continue reading

Generic PUA OC (PUA)

malware No Comments

Generic PUA OC (PUA) also known as TROJ_GEN.R01BC0ECB17, PUP/Win32.Linkury.R196393, Application.AdLink (A). Malware Analysis of Generic PUA OC (PUA) – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 UnHackMe removes malware…

Continue reading

Tatva WordPress theme by IdeaBox

WordPress SEO fine-tune by Meta SEO Pack from Poradnik Webmastera