Riskware.Win32.AdGazelle.dpigvd

Riskware.Win32.AdGazelle.dpigvd also known as a variant of Win32/AdGazelle.D potentially unwanted, Riskware/AdGazelle, PUP/Win32.Agent.

Malware Analysis of Riskware.Win32.AdGazelle.dpigvd – __0697961455D745598AEBE96EC4857809.DLL

Created files:
- %TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP
- %TEMP%\NSREA12.TMP\SYSTEM.DLL
- %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL

Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL
DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL
Dropper hash (md5): 17524b3120668319761f26b13ce4c7ba

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…


a variant of Win32/Softcnapp.I potentially unwanted

a variant of Win32/Softcnapp.I potentially unwanted also known as Adware.GenericKD.4588278, Adware.Softcnapp.701984.A[h], Adware.GenericKD.4588278.

Malware Analysis of a variant of Win32/Softcnapp.I potentially unwanted – SCCLOUD.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
- %Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
- %Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”…


PUA.Win32.AdGazelle.D

PUA.Win32.AdGazelle.D also known as PUA.AdGazelle, Riskware.Win32.AdGazelle.dpigvd, TROJ_GEN.R0C1H09CF15.

Malware Analysis of PUA.Win32.AdGazelle.D – __0697961455D745598AEBE96EC4857809.DLL

Created files:
- %TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP
- %TEMP%\NSREA12.TMP\SYSTEM.DLL
- %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL

Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL
DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL
Dropper hash (md5): 17524b3120668319761f26b13ce4c7ba

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…


W32/Trojan.OJAA-7902

W32/Trojan.OJAA-7902 also known as Adware ( 004e10411 ), Riskware/Softcnapp, Win32.Application.Agent.YEU2PC.

Malware Analysis of W32/Trojan.OJAA-7902 – SETUP_ZNYKB050.EXE

Created files:
- %APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL
- %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE
- %APPDATA%\SETUP_ZNYKB050.EXE
- %APPDATA%\YX_YXS_AB.EXE
- %APPDATA%\?A?E?A.ICO

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program…


Trojan.Win32.Z.Razy.968404[h]

Trojan.Win32.Z.Razy.968404[h] also known as PossibleThreat, W32/Trojan.SKFF-3897, W32.Trojan.Gen.

Malware Analysis of Trojan.Win32.Z.Razy.968404[h] – KP_25204.EXE

Created files:
- %APPDATA%\IQIYI VIDEO\PSTYLE\WEBCACHE\8\WEBPAGE.HTML
- %APPDATA%\IQIYISETUP_QUDAO@KB133.EXE
- %APPDATA%\KP_25204.EXE
- %APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL
- %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll”…


Win32.Application.Agent.168VNT

Win32.Application.Agent.168VNT also known as Trojan.GenericKD.4704217 (B), Adware.GenericKDCRTD.Win32.6052, Trojan.Win32.Generic!BT.

Malware Analysis of Win32.Application.Agent.168VNT – SCMUTUAL.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCPlan.dll
- %Program Files%\SmartCloudInput\1.0.6.1224\SCPlugin.dll

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”…


Pua.Youxun

Pua.Youxun also known as Riskware ( 004de3861 ), Generic PUA LH (PUA), Riskware ( 004de3861 ).

Malware Analysis of Pua.Youxun – YOUWO.EXE

Created files:
- %Program Files%\YouXunBox\xldl.dll
- %Program Files%\YouXunBox\youwo.dmp
- %Program Files%\YouXunBox\youwo.exe
- %Program Files%\YouXunBox\youwopc.exe
- %Program Files%\YouXunBox\youwosj.exe

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\:…


malicious_confidence_71% (W)

malicious_confidence_71% (W) also known as W32.Trojan.Gen, Win.Trojan.Agent-5404323-0, Trojan.Win32.Generic!BT.

Malware Analysis of malicious_confidence_71% (W) – KP_25204.EXE

Created files:
- %APPDATA%\IQIYI VIDEO\PSTYLE\WEBCACHE\8\WEBPAGE.HTML
- %APPDATA%\IQIYISETUP_QUDAO@KB133.EXE
- %APPDATA%\KP_25204.EXE
- %APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL
- %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program…


a variant of Win32/Softcnapp.E potentially unwanted

a variant of Win32/Softcnapp.E potentially unwanted also known as W32.HfsAdware.2312, Malicious, malicious_confidence_69% (D).

Malware Analysis of a variant of Win32/Softcnapp.E potentially unwanted – SCMUTUAL.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCPlan.dll
- %Program Files%\SmartCloudInput\1.0.6.1224\SCPlugin.dll

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe…


Adware.Softcnapp.1824288.A[h]

Adware.Softcnapp.1824288.A[h] also known as TROJ_GEN.R00XC0OAR17, Win32:Adware-gen [Adw], W32.Adware.Gen.

Malware Analysis of Adware.Softcnapp.1824288.A[h] – SCMBMANAGER.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”…


a variant of Win32/AdGazelle.D potentially unwanted

a variant of Win32/AdGazelle.D potentially unwanted also known as PUA.Win32.AdGazelle.D, Trojan.GenericKD.2231884, Trojan.Win32.Generic!BT.

Malware Analysis of a variant of Win32/AdGazelle.D potentially unwanted – __0697961455D745598AEBE96EC4857809.DLL

Created files:
- %TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP
- %TEMP%\NSREA12.TMP\SYSTEM.DLL
- %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL

Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL
DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL
Dropper hash (md5): 17524b3120668319761f26b13ce4c7ba

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…


Artemis!BA8C7237650D

Artemis!BA8C7237650D also known as malicious_confidence_69% (D), Win32:Adware-gen [Adw], Adware.Softcnapp.701984.A[h].

Malware Analysis of Artemis!BA8C7237650D – SCCLOUD.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
- %Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
- %Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program…


TROJ_GEN.R01BC0OAO17

TROJ_GEN.R01BC0OAO17 also known as Generic PUA CH (PUA), Artemis!1B3EE3F64FF3, Trojan.Win32.Generic!BT.

Malware Analysis of TROJ_GEN.R01BC0OAO17 – SCMINI.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\:…


TROJ_GEN.R023C0OCH17

TROJ_GEN.R023C0OCH17 also known as Adware ( 004dd5ca1 ), Trojan.Win32.Generic!BT, Artemis.

Malware Analysis of TROJ_GEN.R023C0OCH17 – SCCLOUD.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
- %Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
- %Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\:…


Trojan.Gen.8!cloud

Trojan.Gen.8!cloud also known as virus.win32.parite.b, W32.HfsAdware.2312, Adware.GenericKDCRTD.Win32.6052.

Malware Analysis of Trojan.Gen.8!cloud – SCUSERPAGE.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\SCUninst.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCUpd.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCUserPage.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCUtil32.dll
- %Program Files%\SmartCloudInput\1.0.6.1224\SCUtil32.exe

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…


Adware.GenericKD.4588278 (B)

Adware.GenericKD.4588278 (B) also known as Adware ( 004dd5ca1 ), Adware ( 004dd5ca1 ), Artemis!BA8C7237650D.

Malware Analysis of Adware.GenericKD.4588278 (B) – SCCLOUD.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
- %Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
- %Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program…


Trojan.PatchedCRTD.Win32.10990

Trojan.PatchedCRTD.Win32.10990 also known as Adware.VRBrothers.

Malware Analysis of Trojan.PatchedCRTD.Win32.10990 – FWZS.EXE

Created files:
- %TEMP%\RARSFX0\FWZS\BIN\UI\STYLE\IMAGES\SEARCH-BG.PNG
- %TEMP%\RARSFX0\FWZS\UNINSTALL.EXE
- %TEMP%\RARSFX0\FWZS\BIN\ADBFWZS.EXE
- %TEMP%\RARSFX0\FWZS\BIN\ADBWINAPI.DLL
- %TEMP%\RARSFX0\FWZS\BIN\ADBWINUSBAPI.DLL

Detected by UnHackMe: FWZS.EXE
DEFAULT LOCATION: %TEMP%\RARSFX0\FWZS\BIN\ADBFWZS.EXE
Dropper hash (md5): 125ca4fb06c20bd3a1ed65ead7253c10

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…


W32/Trojan.BIET-3634

W32/Trojan.BIET-3634 also known as Adware.GenericKD.4588278, Adware.GenericKD.4588278, malicious_confidence_69% (D).

Malware Analysis of W32/Trojan.BIET-3634 – SCCLOUD.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
- %Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
- %Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”…


W32.Adware.Gen

W32.Adware.Gen also known as Adware.GenericKD.4588278, Adware.GenericKD.4588278, Riskware.Agent!.

Malware Analysis of W32.Adware.Gen – SCCLOUD.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx
- %Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll
- %Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…


Artemis!C9293FE33533

Artemis!C9293FE33533 also known as Adware.Softcnapp.1050144.B[h], Adware ( 004dd5ca1 ), Trojan.Win32.Generic!BT.

Malware Analysis of Artemis!C9293FE33533 – SCMUTUAL.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCPlan.dll
- %Program Files%\SmartCloudInput\1.0.6.1224\SCPlugin.dll

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\:…


PUP.BrowseFox/Variant

PUP.BrowseFox/Variant also known as TROJ_GEN.R00XC0OAR17, Riskware/Softcnapp, Win32:Adware-gen [Adw].

Malware Analysis of PUP.BrowseFox/Variant – SCMBMANAGER.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”…


a variant of Win32/Softcnapp.J potentially unwanted

a variant of Win32/Softcnapp.J potentially unwanted also known as Trojan.Gen.2, Adware ( 004dd5ca1 ).

Malware Analysis of a variant of Win32/Softcnapp.J potentially unwanted – SCMINI.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\:…


Trojan.GenericKD.2231884

Trojan.GenericKD.2231884 also known as Riskware/AdGazelle, PUA.AdGazelle.

Malware Analysis of Trojan.GenericKD.2231884 – __0697961455D745598AEBE96EC4857809.DLL

Created files:
- %TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP
- %TEMP%\NSREA12.TMP\SYSTEM.DLL
- %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL

Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL
DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL
Dropper hash (md5): 17524b3120668319761f26b13ce4c7ba

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…


TROJ_GEN.R00XC0OAR17

TROJ_GEN.R00XC0OAR17 also known as Trojan.Gen.2, Adware.GenericKDCRTD.Win32.6052, Adware ( 004dd5ca1 ).

Malware Analysis of TROJ_GEN.R00XC0OAR17 – SCMBMANAGER.EXE

Created files:
- %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
- %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe

Autostart registry keys:
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
- HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
- HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
- HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
- HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
- HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
- HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\:…

Generic PUA CH (PUA)

Generic PUA CH (PUA) also known as Win32.Application.Agent.1273BK, generic.ml, W32.HfsAdware.2312. Malware Analysis of Generic PUA CH (PUA) – SCMINI.EXE
Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe
Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\:…

Adware.Softcnapp.1644064[h]

Adware.Softcnapp.1644064[h] also known as Artemis!1B3EE3F64FF3, Artemis!PUP, Trojan.Win32.Generic!BT. Malware Analysis of Adware.Softcnapp.1644064[h] – SCMINI.EXE
Created files:
%Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe
%Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe
Autostart registry keys:
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “”
HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “”
HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “”
HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE””
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\”
HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\”
HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\”
HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”
HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…

Trojan.Midie.D243D

Trojan.Midie.D243D also known as MultiPlug (v), MultiPlug (PUA), PUA.Multiplug. Malware Analysis of Trojan.Midie.D243D – 1FCAC867BE01F01AEB054B08EEB5C3D7.EXE
Created files:
%COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.DAT
%COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.EXE
%WINDIR%\TASKS\DIYGUIDE.JOB
Detected by UnHackMe: 1FCAC867BE01F01AEB054B08EEB5C3D7.EXE
DEFAULT LOCATION: %COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.EXE
Dropper hash(md5): 1fcac867be01f01aeb054b08eeb5c3d7
UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Gen:Variant.Midie.9277

Gen:Variant.Midie.9277 also known as Riskware/MultiPlug, Unwanted-Program ( 004cbc931 ), Win32.Adware.Generic.bb. Malware Analysis of Gen:Variant.Midie.9277 – 1FCAC867BE01F01AEB054B08EEB5C3D7.EXE
Created files:
%COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.DAT
%COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.EXE
%WINDIR%\TASKS\DIYGUIDE.JOB
Detected by UnHackMe: 1FCAC867BE01F01AEB054B08EEB5C3D7.EXE
DEFAULT LOCATION: %COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.EXE
Dropper hash(md5): 1fcac867be01f01aeb054b08eeb5c3d7
UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Gen:Variant.Midie.9277 (B)

Gen:Variant.Midie.9277 (B) also known as Gen:Variant.Midie.9277, static engine – malicious. Malware Analysis of Gen:Variant.Midie.9277 (B) – 1FCAC867BE01F01AEB054B08EEB5C3D7.EXE
Created files:
%COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.DAT
%COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.EXE
%WINDIR%\TASKS\DIYGUIDE.JOB
Detected by UnHackMe: 1FCAC867BE01F01AEB054B08EEB5C3D7.EXE
DEFAULT LOCATION: %COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.EXE
Dropper hash(md5): 1fcac867be01f01aeb054b08eeb5c3d7
UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

Win.Adware.Agent-1321919

Win.Adware.Agent-1321919 also known as AdWare.W32.MultiPlug.mzN0, MultiPlug (PUA), Win32.Adware.Generic.bb. Malware Analysis of Win.Adware.Agent-1321919 – 1204754AD77D4FDF81D2CB092EE9E4EE.EXE
Created files:
%COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\DD1D66FEE382E07E
%COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\1204754AD77D4FDF81D2CB092EE9E4EE.DAT
%COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\1204754AD77D4FDF81D2CB092EE9E4EE.EXE
%SYSDIR%\TASKS\NATURALBALANCE
%WINDIR%\TASKS\NATURALBALANCE.JOB
Detected by UnHackMe: 1204754AD77D4FDF81D2CB092EE9E4EE.EXE
DEFAULT LOCATION: %COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\1204754AD77D4FDF81D2CB092EE9E4EE.EXE
Dropper hash(md5): 1204754ad77d4fdf81d2cb092ee9e4ee
UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…
