W32.Mabezat.B!inf

W32.Mabezat.B!inf is also known as PE_MABEZAT.B-1, W32.Mabezat, Win32.Worm.Mabezat.Gen.

Malware Analysis of W32.Mabezat.B!inf – NEW FOLDER(3).EXE

Created files:

%Local Appdata%\Microsoft\CD Burning\autorun.inf
%Local Appdata%\Microsoft\CD Burning\KHATRA.exe
%Local Appdata%\Microsoft\CD Burning\New Folder(3).exe
%Local Appdata%\Microsoft\CD Burning\zPharaoh.exe
%Local Appdata%\Microsoft\FORMS\FRMCACHE.DAT

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\G_Host: ""%WinDir%\System\gHost.exe" /Reproduce"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Xplorer: "%WinDir%\Xplorer.exe"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: "%SysDir%\KHATRA.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\objracer: "%SysDir%\KHATRA.exe"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: "%SysDir%\KHATRA.exe"

Detected by UnHackMe:

NEW FOLDER(3).EXE
Default location: %LOCAL APPDATA%\MICROSOFT\CD BURNING\NEW FOLDER(3).EXE

Dropper hash (MD5): 6a1fe95d7b66a3c8cda36502edcd2426

Written by Malware Hunter.
