Win32.Adware.Wajam.F

Win32.Adware.Wajam.F is also known as Adware.Win32.Wajam.ic (v) and HEUR/QVM30.1.0000.Malware.Gen.

Malware Analysis of Win32.Adware.Wajam.F – BENRFF.DLL

Created files:

%Program Files%\cf376740416fef3e01d33402f4e5f8ab\a8401a66162912b3a493200536f05760.exe
%Program Files%\cf376740416fef3e01d33402f4e5f8ab\b0ecbd39e0434f1eb08503065522d888.json
%Program Files%\cf376740416fef3e01d33402f4e5f8ab\e8393f8568366ac322382cd65c1fcafc\benrff.dll
%Program Files%\cf376740416fef3e01d33402f4e5f8ab\f4044646b00cf9f8a4c9663fe5d435cd\6054a6b9ce78d32189720964ca1c5a80.ico
%Program Files%\cf376740416fef3e01d33402f4e5f8ab\f4044646b00cf9f8a4c9663fe5d435cd\6a5df308f29ac1bd29d18b9a4c1fa3b1.ico

Autostart registry keys:

HKLM\Software\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}\InProcServer32\: “%Program Files%\cf376740416fef3e01d33402f4e5f8ab\f5d0019a76d2e8139d35a9d01c80f7d1.dll”
HKLM\Software\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}\InprocServer32\: “%Program Files%\cf376740416fef3e01d33402f4e5f8ab\f5d0019a76d2e8139d35a9d01c80f7d1.dll”
HKLM\Software\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\InprocServer32\: “%Program Files%\cf376740416fef3e01d33402f4e5f8ab\f5d0019a76d2e8139d35a9d01c80f7d1.dll”
HKLM\Software\Google\Chrome\Extensions\aaamnkbkbppehfhhkmiodoniifhfpkka\update_url: “https://clients2.google.com/service/update2/crx”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\cf376740416fef3e01d33402f4e5f8ab\DisplayName: “Wajam”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\cf376740416fef3e01d33402f4e5f8ab\UninstallString: “%WinDir%\90bf7f0c56d30f62e7b5d4131cff4e18.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Uninstall – cos\UninstallString: “”%Program Files%\yesbnd\Uninst.exe” /cf={A16B1AF7-982D-40C3-B5C1-633E1A6A6678}”
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Uninstall – cos\DisplayName: “yessearches – Uninstall”
HKLM\System\CurrentControlSet\Services\2bf9390f7ac68e2739e889ad1eecce1b\ImagePath: “”%Program Files%\cf376740416fef3e01d33402f4e5f8ab\a8401a66162912b3a493200536f05760.exe””
HKLM\System\CurrentControlSet\Services\2bf9390f7ac68e2739e889ad1eecce1b\DisplayName: “2bf9390f7ac68e2739e889ad1eecce1b”
HKLM\System\CurrentControlSet\Services\skusenzecultMdlservice\ImagePath: “”%Program Files%\Skusenzecult\skusenzecultMdlservice.exe” {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678}”
HKLM\System\CurrentControlSet\Services\skusenzecultMdlservice\DisplayName: “Skusenzecult Module”

Detected by UnHackMe:

BENRFF.DLL
Default location: %PROGRAM FILES%\CF376740416FEF3E01D33402F4E5F8AB\E8393F8568366AC322382CD65C1FCAFC\BENRFF.DLL

Dropper hash (MD5): bc10d8343d9b5127c9d0ddd319290a01

Written by Malware Hunter.
