Category Archives: Downloader

Downloader.KCH

Downloader.KCH also known as PUP.Optional.OutBrowse, Trojan.Win32.Generic!BT, Riskware/OutBrowse. Malware Analysis of Downloader.KCH – AOVKRQM.DLL Created files: %TEMP%\BEDFCBCAIF.FIAC %TEMP%\FIAC.ZIP %TEMP%\NSLD998.TMP\AOVKRQM.DLL %TEMP%\NSLD998.TMP\ZIPDLL.DLL %TEMP%\WER2EB3.TMP.APPCOMPAT.TXT Detected by UnHackMe: AOVKRQM.DLL DEFAULT LOCATION: %TEMP%\NSLD998.TMP\AOVKRQM.DLL Dropper hash(md5): 2ce41e086315582cc50f2794719f3104 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


not-a-virus:Downloader.Win32.Wajam.jzu

not-a-virus:Downloader.Win32.Wajam.jzu also known as malicious_confidence_71% (D), a variant of Win32/RiskWare.HistoryChecker.J. Malware Analysis of not-a-virus:Downloader.Win32.Wajam.jzu – BRH.DLL Created files: %TEMP%\NSPFB93.TMP\REGISTRY.DLL %TEMP%\NSUAC36.TMP\INSTH.DLL %TEMP%\NSXB4C0.TMP\BRH.DLL %TEMP%\NSXB4C0.TMP\INETC.DLL %TEMP%\NSXB4C0.TMP\IPCONFIG.DLL Autostart registry keys: HKLM\Software\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}\LocalServer32\:…


RiskWare[Downloader:not-a-virus]/Win32.Wajam

RiskWare[Downloader:not-a-virus]/Win32.Wajam also known as Win32.Trojan.WisdomEyes.16070401.9500.9999, Mal_MLWR-1, ADWARE/Wajam.obeni. Malware Analysis of RiskWare[Downloader:not-a-virus]/Win32.Wajam – 87CF1028EA29C6E0D1F4286541AE4C54.EXE Created files: %Program Files%\3279c5bf552a7b0d6dd7e706e51f71bb\1a125257ac52ccda6604801314a8971c.ico %Program Files%\3279c5bf552a7b0d6dd7e706e51f71bb\20451995dfa37cbef8c6500a099c09fa.exe %Program Files%\3279c5bf552a7b0d6dd7e706e51f71bb\87cf1028ea29c6e0d1f4286541ae4c54.exe %Program Files%\3279c5bf552a7b0d6dd7e706e51f71bb\a886985b917cd1e9a64a3aae34e38497 %Program Files%\K9-PC Protector\AppManager.exe Autostart registry keys: HKLM\Software\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}\LocalServer32\: “”%Program…


BehavesLike.Win32.Downloader.rh

BehavesLike.Win32.Downloader.rh also known as Gen:Heur.Zygug.5, Gen:Heur.Zygug.5, ADWARE/Wajam.obeni. Malware Analysis of BehavesLike.Win32.Downloader.rh – 87CF1028EA29C6E0D1F4286541AE4C54.EXE Created files: %Program Files%\3279c5bf552a7b0d6dd7e706e51f71bb\1a125257ac52ccda6604801314a8971c.ico %Program Files%\3279c5bf552a7b0d6dd7e706e51f71bb\20451995dfa37cbef8c6500a099c09fa.exe %Program Files%\3279c5bf552a7b0d6dd7e706e51f71bb\87cf1028ea29c6e0d1f4286541ae4c54.exe %Program Files%\3279c5bf552a7b0d6dd7e706e51f71bb\a886985b917cd1e9a64a3aae34e38497 %Program Files%\K9-PC Protector\AppManager.exe Autostart registry keys: HKLM\Software\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}\LocalServer32\: “”%Program…


not-a-virus:Downloader.Win32.Wajam.jzs

not-a-virus:Downloader.Win32.Wajam.jzs also known as Artemis!09C2FC487A9F, malicious_confidence_98% (W), Heur.AdvML.B. Malware Analysis of not-a-virus:Downloader.Win32.Wajam.jzs – 87CF1028EA29C6E0D1F4286541AE4C54.EXE Created files: %Program Files%\3279c5bf552a7b0d6dd7e706e51f71bb\1a125257ac52ccda6604801314a8971c.ico %Program Files%\3279c5bf552a7b0d6dd7e706e51f71bb\20451995dfa37cbef8c6500a099c09fa.exe %Program Files%\3279c5bf552a7b0d6dd7e706e51f71bb\87cf1028ea29c6e0d1f4286541ae4c54.exe %Program Files%\3279c5bf552a7b0d6dd7e706e51f71bb\a886985b917cd1e9a64a3aae34e38497 %Program Files%\K9-PC Protector\AppManager.exe Autostart registry keys: HKLM\Software\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}\LocalServer32\: “”%Program Files%\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe”” HKLM\Software\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}\LocalServer32\:…


Downloader.AFXR

Downloader.AFXR also known as Win32.Trojan.Outbrowse.Duo, PUP/Win32.OutBrowse, Trojan.Generic.15650882. Malware Analysis of Downloader.AFXR – BEFCEBGGGA.EXE Created files: %TEMP%\BEFCEBGGGA.EXE Detected by UnHackMe: BEFCEBGGGA.EXE DEFAULT LOCATION: %TEMP%\BEFCEBGGGA.EXE Dropper hash(md5): 6529ea322e253c89a97fa1506f3ed671 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including…


Downloader.CXN

Downloader.CXN also known as Trojan.Win32.Generic!BT, Trojan.Win32.S.Agent.120320.IE[h], PE:Malware.Generic/QRS!1.9E2D [F]. Malware Analysis of Downloader.CXN – SSH.DLL Created files: %TEMP%\BCBICABECBCA.EXE %TEMP%\NST2D84.TMP\NSISUNZ.DLL %TEMP%\NST2D84.TMP\SSH.DLL Detected by UnHackMe: SSH.DLL DEFAULT LOCATION: %TEMP%\NST2D84.TMP\SSH.DLL Dropper hash(md5): 5d7beca2f66d7c0a3f778bb05f6f0dd0 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…


Downloader.ALHF

Downloader.ALHF also known as OutBrowse, OutBrowse, W32.eHeur.Malware00. Malware Analysis of Downloader.ALHF – BEFIJAJBEF.EXE Created files: %WINDIR%\TEMP\CR_C7DE2.TMP\SETUP.EXE %WINDIR%\TEMP\CR_C7DE2.TMP\SETUP_PATCH.PACKED.7Z %TEMP%\BEFIJAJBEF.EXE %TEMP%\WER45C5.TMP.APPCOMPAT.TXT %TEMP%\WER52E6.TMP.MDMP Detected by UnHackMe: BEFIJAJBEF.EXE DEFAULT LOCATION: %TEMP%\BEFIJAJBEF.EXE Dropper hash(md5): 9ab7ad613704045e8560d00aacde3a8c UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


Downloader.TDK

Downloader.TDK also known as Gen:Variant.Midie.6641, Generic PUA IG (PUA), Win32:PUP-gen [PUP]. Malware Analysis of Downloader.TDK – IPCILVU.DLL Created files: %TEMP%\BEEHGEGFBJ.JBFGEGH %TEMP%\JBFGEGH.ZIP %TEMP%\NSQF453.TMP\IPCILVU.DLL %TEMP%\NSQF453.TMP\ZIPDLL.DLL %TEMP%\WER365F.TMP.APPCOMPAT.TXT Detected by UnHackMe: IPCILVU.DLL DEFAULT LOCATION: %TEMP%\NSQF453.TMP\IPCILVU.DLL Dropper hash(md5): a101a85677a8b69db15b247a1a776c53 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


Downloader.ACWS

Downloader.ACWS also known as AdWare.OutBrowse.fak, Trojan.Win32.OutBrowse.dzaqbu, TROJ_GEN.R047C0OL615. Malware Analysis of Downloader.ACWS – BEEJBEEAIA.EXE Created files: %TEMP%\BEEJBEEAIA.EXE Detected by UnHackMe: BEEJBEEAIA.EXE DEFAULT LOCATION: %TEMP%\BEEJBEEAIA.EXE Dropper hash(md5): d6c6731b74efe683646b7b942e53a40c UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including…


Downloader.FFH

Downloader.FFH also known as Trojan.OutBrowse.259, PUA.Win32.OutBrowse.BU, PUA/Outbrowse.Gen. Malware Analysis of Downloader.FFH – IXXBM.DLL Created files: %TEMP%\DDBCABFCDBCA.EXE %TEMP%\DDBCABFCDBCA.ZIP %TEMP%\NSCDED7.TMP\IXXBM.DLL %TEMP%\NSCDED7.TMP\NSISUNZ.DLL %TEMP%\OO9.DDBCABFCDBCA Detected by UnHackMe: IXXBM.DLL DEFAULT LOCATION: %TEMP%\NSCDED7.TMP\IXXBM.DLL Dropper hash(md5): b9d1cb536ee82a04e4456034c0bfe37e UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


Downloader.GAK

Downloader.GAK also known as Mal/Generic-S, Trojan.Generic.ftkl, Trojan.Win32.OutBrowse.dpuzhb. Malware Analysis of Downloader.GAK – ADSFAD.DLL Created files: %TEMP%\1430222517.ECICABFBBFBFE %TEMP%\ECICABFBBFBFE.EXE %TEMP%\ECICABFBBFBFE.ZIP %TEMP%\NSK23FF.TMP\ADSFAD.DLL %TEMP%\NSK23FF.TMP\NSISUNZ.DLL Detected by UnHackMe: ADSFAD.DLL DEFAULT LOCATION: %TEMP%\NSK23FF.TMP\ADSFAD.DLL Dropper hash(md5): efb7def36c19e12526eec36b12d817d0 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


BehavesLike.Win32.Downloader.jh

BehavesLike.Win32.Downloader.jh also known as Trojan.Win32.OutBrowse.dyzjhw, PUP/Win32.OutBrowse, PUP.Optional.OutBrowse. Malware Analysis of BehavesLike.Win32.Downloader.jh – BEEJDGDGIE.EXE Created files: %TEMP%\BEEJDGDGIE.EXE Detected by UnHackMe: BEEJDGDGIE.EXE DEFAULT LOCATION: %TEMP%\BEEJDGDGIE.EXE Dropper hash(md5): dd2b2e5a4c364dc7b0a62e7d05b71074 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including…


Downloader.ALHF

Downloader.ALHF also known as OutBrowse, W32/Outbrowse.K.gen!Eldorado, GrayWare[AdWare]/Win32.OutBrowse.cl. Malware Analysis of Downloader.ALHF – BEFIJAJBEF.EXE Created files: %TEMP%\NSW40ED.TMP\DTPPKSB.DLL %TEMP%\NSW40ED.TMP\ZIPDLL.DLL %TEMP%\BEFIJAJBEF.EXE %TEMP%\BEFIJAJBEF.FEBJ %TEMP%\BITDD3D.TMP Detected by UnHackMe: BEFIJAJBEF.EXE DEFAULT LOCATION: %TEMP%\BEFIJAJBEF.EXE Dropper hash(md5): c2368bf8c4ed26887943011f7dd7f849 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


FT Downloader (PUA)

FT Downloader (PUA) also known as GrayWare[WebToolbar:not-a-virus]/JS.CroRi.b, ADW_CROSSID, Crossrider.b. Malware Analysis of FT Downloader (PUA) – OCNPPPEJF.EXE Created files: %TEMP%\ILIST-00000000.TMP %TEMP%\NSPE3F8.TMP\FSOAHWCTA.TMP %TEMP%\NSPE3F8.TMP\OCNPPPEJF.EXE %TEMP%\NSPE3F8.TMP\STDUTILS.DLL %TEMP%\NSPE3F8.TMP\SYSTEM.DLL Detected by UnHackMe: OCNPPPEJF.EXE DEFAULT LOCATION: %TEMP%\NSPE3F8.TMP\OCNPPPEJF.EXE Dropper hash(md5): 50702c8ec17d7153d8d658306d54738b UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


Downloader.AEUD

Downloader.AEUD also known as Adware.Win32.OutBrowse.CL, not-a-virus:HEUR:AdWare.Win32.OutBrowse.heur, Artemis. Malware Analysis of Downloader.AEUD – BEFAHFGJDG.EXE Created files: %TEMP%\BEFAHFGJDG.EXE %TEMP%\WER8BF0.TMP.WERINTERNALMETADATA.XML %TEMP%\WERB440.TMP.APPCOMPAT.TXT %TEMP%\WERB858.TMP.MDMP Detected by UnHackMe: BEFAHFGJDG.EXE DEFAULT LOCATION: %TEMP%\BEFAHFGJDG.EXE Dropper hash(md5): 50d9f3a71041b38cf29735057782504f UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…


Downloader.RAR

Downloader.RAR also known as PUP/Win32.OutBrowse.R162617, PUA.Downloader, PUA.OutBrowse!. Malware Analysis of Downloader.RAR – RTHAYEM.DLL Created files: %TEMP%\BEECEDHCII.IICHDEC %TEMP%\IICHDEC.ZIP %TEMP%\NSP7098.TMP\RTHAYEM.DLL %TEMP%\NSP7098.TMP\ZIPDLL.DLL %WINDIR%\TEMP\28BD.TMP Detected by UnHackMe: RTHAYEM.DLL DEFAULT LOCATION: %TEMP%\NSP7098.TMP\RTHAYEM.DLL Dropper hash(md5): 3a0720d6822f8a99e03067fb2e3ba041 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


Downloader.AEZI

Downloader.AEZI also known as Application.Bundler.Outbrowse, OutBrowse Revenyou (PUA), W32/Outbrowse.K.gen!Eldorado. Malware Analysis of Downloader.AEZI – BEFBDAHHDG.EXE Created files: %WINDIR%\TEMP\F1A3.TMP %Program Files%\Google\Chrome\Temp\source756_4357\chrome_patch.diff %TEMP%\BEFBDAHHDG.EXE %WINDIR%\TEMP\37F7.TMP %WINDIR%\TEMP\A37E.TMP Detected by UnHackMe: BEFBDAHHDG.EXE DEFAULT LOCATION: %TEMP%\BEFBDAHHDG.EXE Dropper hash(md5): 26b7cf48b4275017bc4ae135adc41b34 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…


Downloader.DJP

Downloader.DJP also known as Trojan.Generic-2gI0VKBeHjI (cloud), PUP.Bundler/Variant, RiskWare[Downloader]/NSIS.OutBrowse.by. Malware Analysis of Downloader.DJP – NGZ.DLL Created files: %TEMP%\CBACABFCCJD.EXE %TEMP%\CBACABFCCJD.ZIP %TEMP%\NSG26DD.TMP\NGZ.DLL %TEMP%\NSG26DD.TMP\NSISUNZ.DLL %TEMP%\RC8.CBACABFCCJD Detected by UnHackMe: NGZ.DLL DEFAULT LOCATION: %TEMP%\NSG26DD.TMP\NGZ.DLL Dropper hash(md5): 288f9a2136285c8dd661dc545158ceb3 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…


Downloader.TNI

Downloader.TNI also known as Unwanted-Program ( 004ccc371 ), Generic Suspicious, PUA/Outbrowse.Gen. Malware Analysis of Downloader.TNI – PMEATRL.DLL Created files: %TEMP%\BEEIFFDGIJ.JIGDFFIE %TEMP%\JIGDFFIE.ZIP %TEMP%\NSXDD32.TMP\PMEATRL.DLL %TEMP%\NSXDD32.TMP\ZIPDLL.DLL %TEMP%\WERB9C1.TMP.WERINTERNALMETADATA.XML Detected by UnHackMe: PMEATRL.DLL DEFAULT LOCATION: %TEMP%\NSXDD32.TMP\PMEATRL.DLL Dropper hash(md5): 160b9f8b43cab75d38069bad793ca403 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


Downloader.FRJ

Downloader.FRJ also known as a variant of Win32/OutBrowse.BY potentially unwanted, PUA/Outbrowse.Gen, Trojan.Application.Bundler.Mikey.D2FC7. Malware Analysis of Downloader.FRJ – PBIQM.DLL Created files: %TEMP%\DDACABFCDBC.ZIP %TEMP%\NSLDB1E.TMP\NSISUNZ.DLL %TEMP%\NSLDB1E.TMP\PBIQM.DLL %TEMP%\OO9.DDACABFCDBC %TEMP%\WER1611.TMP.APPCOMPAT.TXT Detected by UnHackMe: PBIQM.DLL DEFAULT LOCATION: %TEMP%\NSLDB1E.TMP\PBIQM.DLL Dropper hash(md5): 2c36e717904e589ef83a4a4db8dc6443 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…


PUA.MSIL.Downloader

PUA.MSIL.Downloader also known as a variant of MSIL/Adware.Imali.E, trojan.win32.skeeyah.a!rfn, PUP-XAB-YE. Malware Analysis of PUA.MSIL.Downloader – FUF3747.EXE Created files: %WINDIR%\TEMP\EE15.TMP %Program Files%\Google\Chrome\Temp\source1280_13640\chrome_patch.diff %TEMP%\FUF3747.EXE %TEMP%\FUF3747.JS %TEMP%\FUF3747.TMP Detected by UnHackMe: FUF3747.EXE DEFAULT LOCATION: %TEMP%\FUF3747.EXE Dropper hash(md5): 2437667bbb5d808fe58ac32b0b7004f2 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


RiskWare[Downloader]/NSIS.OutBrowse.bu

RiskWare[Downloader]/NSIS.OutBrowse.bu also known as Trojan.Win32.Generic!BT, Generic PUA DP (PUA), Trojan ( 004af69b1 ). Malware Analysis of RiskWare[Downloader]/NSIS.OutBrowse.bu – GG.DLL Created files: %Program Files%\Google\Chrome\Temp\source3000_30037\chrome_patch.diff %TEMP%\BACJCABEBBBIJ.EXE %TEMP%\NST150A.TMP\GG.DLL %TEMP%\NST150A.TMP\NSISUNZ.DLL %WINDIR%\TEMP\4FB6.TMP Detected by UnHackMe: GG.DLL DEFAULT LOCATION: %TEMP%\NST150A.TMP\GG.DLL Dropper hash(md5): 1c745fe0df5a7e4f878d493e5aaa7feb UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…


Downloader.AGDR

Downloader.AGDR also known as SScope.Adware.Outbrowse, PUP.Optional.OutBrowse, Tool.Bundler.Win32.3462. Malware Analysis of Downloader.AGDR – BEFCGGBDEC.EXE Created files: %WINDIR%\TEMP\CR_C2FE5.TMP\SETUP_PATCH.PACKED.7Z %Program Files%\Google\Chrome\Temp\source3064_31178\chrome_patch.diff %TEMP%\BEFCGGBDEC.EXE %WINDIR%\TEMP\3E07.TMP %WINDIR%\TEMP\4C21.TMP Detected by UnHackMe: BEFCGGBDEC.EXE DEFAULT LOCATION: %TEMP%\BEFCGGBDEC.EXE Dropper hash(md5): 2611db55fc4779c125fa40f5538e8b1a UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…


W32/Downloader.K.gen!Eldorado

W32/Downloader.K.gen!Eldorado also known as Gen:Trojan.Heur.LP.kO5@aWIgVecb, Riskware.Agent!, Artemis!AAA24835739E. Malware Analysis of W32/Downloader.K.gen!Eldorado – TPSC.DLL Created files: %Program Files%\picview_201610040116\201610040116\picview.exe %Program Files%\picview_201610040116\201610040116\SysConfig.ini %Program Files%\picview_201610040116\201610040116\TPSC.dll %Program Files%\picview_201610040116\201610040116\Unins.exe %TEMP%\WER124A.TMP.WERINTERNALMETADATA.XML Detected by UnHackMe: TPSC.DLL Default location: %PROGRAM FILES%\PICVIEW_201610040116\201610040116\TPSC.DLL Dropper hash(md5): 0ec710513678f277bc7c4dfb13784abd UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…


Downloader.ABSP

Downloader.ABSP also known as rotect.dj, Trojan.Gen.2, PUA/Outbrowse.Gen. Malware Analysis of Downloader.ABSP – BEEIBGEJDH.EXE Created files: %TEMP%\BEEIBGEJDH.EXE %TEMP%\WER8AA2.TMP.WERINTERNALMETADATA.XML %TEMP%\WERB87F.TMP.APPCOMPAT.TXT %TEMP%\WERD3C9.TMP.MDMP Detected by UnHackMe: BEEIBGEJDH.EXE DEFAULT LOCATION: %TEMP%\BEEIBGEJDH.EXE Dropper hash(md5): 16949463599eb41d1afa63e59ea76319 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…


Downloader.TGG

Downloader.TGG also known as Adware.Win32.OutBrowse.BY, Unwanted-Program ( 004ccc371 ), Win32:PUP-gen [PUP]. Malware Analysis of Downloader.TGG – JWIIOHD.DLL Created files: %TEMP%\BEEIFJGIIJ.JIIGJFIE %TEMP%\JIIGJFIE.ZIP %TEMP%\NSD5EB6.TMP\JWIIOHD.DLL %TEMP%\NSD5EB6.TMP\ZIPDLL.DLL %WINDIR%\TEMP\196E.TMP Detected by UnHackMe: JWIIOHD.DLL DEFAULT LOCATION: %TEMP%\NSD5EB6.TMP\JWIIOHD.DLL Dropper hash(md5): 1cf87892f04602c43c6e75f6d107d067 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…


Downloader.GAW

Downloader.GAW also known as PUP/Win32.OutBrowse.R145103, Riskware.Win32.OutBrowse.dreaxc, AdWare/NSIS.emo. Malware Analysis of Downloader.GAW – FBFGGGD.DLL Created files: %TEMP%\1430352117.EXE %TEMP%\EDACABFBBFCCA.ZIP %TEMP%\NSI2CA9.TMP\FBFGGGD.DLL %TEMP%\NSI2CA9.TMP\NSISUNZ.DLL %WINDIR%\TEMP\3855.TMP Detected by UnHackMe: FBFGGGD.DLL DEFAULT LOCATION: %TEMP%\NSI2CA9.TMP\FBFGGGD.DLL Dropper hash(md5): 0516ab5751bb740fd1df3064fb2c1536 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…


Downloader.NSIS.a

Downloader.NSIS.a also known as OutBrowse (fs), a variant of Win32/OutBrowse.D potentially unwanted, PUA/Outbrowse.Gen. Malware Analysis of Downloader.NSIS.a – BUTTERFLYSCR.EXE Created files: %WINDIR%\TEMP\CR_472CB.TMP\SETUP.EXE %WINDIR%\TEMP\CR_472CB.TMP\SETUP_PATCH.PACKED.7Z %WINDIR%\BUTTERFLYSCR.EXE %WINDIR%\SPRING\1.JPG %WINDIR%\SPRING\10.JPG Autostart registry keys: HKLM\SOFTWARE\CLASSES\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}\LOCALSERVER32\: “”%TEMP%\DOWNLOADMANAGER.EXE”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{521ED2FA-5A27-242A-A349-901E43D6CC31}\UninstallString: “”%Program Files%\InstallShield Installation Information\{521ED2FA-5A27-242A-A349-901E43D6CC31}\setup.exe” -runfromtemp -l0x0009 -removeonly” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{521ED2FA-5A27-242A-A349-901E43D6CC31}\DisplayName: “Free Spring Screensaver” Detected by UnHackMe: BUTTERFLYSCR.EXE Default location: %WinDir%\BUTTERFLYSCR.EXE Dropper hash(md5): 596c2ef53d812d94bbdda2661a944651 UnHackMe removes…


Downloader.LOV

Downloader.LOV also known as Downloader.NSIS.a, Adware.Outbrowse.623066.A[h], SoftwareBundler:Win32/OutBrowse. Malware Analysis of Downloader.LOV – BUTTERFLYSCR.EXE Created files: %WINDIR%\TEMP\CR_472CB.TMP\SETUP.EXE %WINDIR%\TEMP\CR_472CB.TMP\SETUP_PATCH.PACKED.7Z %WINDIR%\BUTTERFLYSCR.EXE %WINDIR%\SPRING\1.JPG %WINDIR%\SPRING\10.JPG Autostart registry keys: HKLM\SOFTWARE\CLASSES\CLSID\{D3388703-5092-487C-8217-11ADA1CA68B5}\LOCALSERVER32\: “”%TEMP%\DOWNLOADMANAGER.EXE”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{521ED2FA-5A27-242A-A349-901E43D6CC31}\UninstallString: “”%Program Files%\InstallShield Installation Information\{521ED2FA-5A27-242A-A349-901E43D6CC31}\setup.exe” -runfromtemp -l0x0009 -removeonly” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{521ED2FA-5A27-242A-A349-901E43D6CC31}\DisplayName: “Free Spring Screensaver” Detected by UnHackMe: BUTTERFLYSCR.EXE Default location: %WinDir%\BUTTERFLYSCR.EXE Dropper hash(md5): 596c2ef53d812d94bbdda2661a944651 UnHackMe removes malware invisible for your antivirus! UnHackMe…

