Category Archives: malware

a variant of Win32/Softcnapp.J potentially unwanted

a variant of Win32/Softcnapp.J potentially unwanted also known as Trojan.Gen.2, Adware ( 004dd5ca1 ). Malware Analysis of a variant of Win32/Softcnapp.J potentially unwanted – SCMINI.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\:…

Generic PUA CH (PUA)

Generic PUA CH (PUA) also known as Win32.Application.Agent.1273BK, generic.ml, W32.HfsAdware.2312. Malware Analysis of Generic PUA CH (PUA) – SCMINI.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\:…

Gen:Variant.Midie.9277 (B)

Gen:Variant.Midie.9277 (B) also known as Gen:Variant.Midie.9277, static engine – malicious. MALWARE ANALYSIS OF GEN:VARIANT.MIDIE.9277 (B) – 1FCAC867BE01F01AEB054B08EEB5C3D7.EXE Created files: %COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.DAT %COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.EXE %WINDIR%\TASKS\DIYGUIDE.JOB Detected by UnHackMe: 1FCAC867BE01F01AEB054B08EEB5C3D7.EXE DEFAULT LOCATION: %COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.EXE Dropper hash(md5): 1fcac867be01f01aeb054b08eeb5c3d7 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

Gen:Variant.Midie.9277

Gen:Variant.Midie.9277 also known as Riskware/MultiPlug, Unwanted-Program ( 004cbc931 ), Win32.Adware.Generic.bb. MALWARE ANALYSIS OF GEN:VARIANT.MIDIE.9277 – 1FCAC867BE01F01AEB054B08EEB5C3D7.EXE Created files: %COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.DAT %COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.EXE %WINDIR%\TASKS\DIYGUIDE.JOB Detected by UnHackMe: 1FCAC867BE01F01AEB054B08EEB5C3D7.EXE DEFAULT LOCATION: %COMMON APPDATA%\{168606F3-ECA4-2772-1686-606F3ECA1BCF}\1FCAC867BE01F01AEB054B08EEB5C3D7.EXE Dropper hash(md5): 1fcac867be01f01aeb054b08eeb5c3d7 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

HW32.Packed.5407

HW32.Packed.5407 also known as PUP/Win32.MultiPlug, suspected of Heur.Malware-Cryptor.Multiplug, Riskware.Win32.MultiPlug.dlguzj. MALWARE ANALYSIS OF HW32.PACKED.5407 – 6DEE61FA86B346C6AF04B3C62C556394.EXE Created files: %TEMP%\847715E96FCF\IMAGES\LOADER.GIF %TEMP%\847715E96FCF\IMAGES\PROGRESSBAR.GIF %TEMP%\847715E96FCF\TEMP\BG.CA %TEMP%\847715E96FCF\TEMP\6DEE61FA86B346C6AF04B3C62C556394.EXE Detected by UnHackMe: 6DEE61FA86B346C6AF04B3C62C556394.EXE DEFAULT LOCATION: %TEMP%\847715E96FCF\TEMP\6DEE61FA86B346C6AF04B3C62C556394.EXE Dropper hash(md5): 6dee61fa86b346c6af04b3c62c556394 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

Riskware.Win32.MultiPlug.dlguzj

Riskware.Win32.MultiPlug.dlguzj also known as ADWARE/MultiPlug.Gen7, Trojan.Crossrider.50422, Unwanted-Program ( 0040f9681 ). MALWARE ANALYSIS OF RISKWARE.WIN32.MULTIPLUG.DLGUZJ – 6DEE61FA86B346C6AF04B3C62C556394.EXE Created files: %TEMP%\847715E96FCF\IMAGES\LOADER.GIF %TEMP%\847715E96FCF\IMAGES\PROGRESSBAR.GIF %TEMP%\847715E96FCF\TEMP\BG.CA %TEMP%\847715E96FCF\TEMP\6DEE61FA86B346C6AF04B3C62C556394.EXE Detected by UnHackMe: 6DEE61FA86B346C6AF04B3C62C556394.EXE DEFAULT LOCATION: %TEMP%\847715E96FCF\TEMP\6DEE61FA86B346C6AF04B3C62C556394.EXE Dropper hash(md5): 6dee61fa86b346c6af04b3c62c556394 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Generic6.EDJ

Generic6.EDJ also known as ADWARE/MultiPlug.Gen7, suspected of Heur.Malware-Cryptor.Multiplug, HW32.Packed.5407. MALWARE ANALYSIS OF GENERIC6.EDJ – 6DEE61FA86B346C6AF04B3C62C556394.EXE Created files: %TEMP%\847715E96FCF\IMAGES\LOADER.GIF %TEMP%\847715E96FCF\IMAGES\PROGRESSBAR.GIF %TEMP%\847715E96FCF\TEMP\BG.CA %TEMP%\847715E96FCF\TEMP\6DEE61FA86B346C6AF04B3C62C556394.EXE Detected by UnHackMe: 6DEE61FA86B346C6AF04B3C62C556394.EXE DEFAULT LOCATION: %TEMP%\847715E96FCF\TEMP\6DEE61FA86B346C6AF04B3C62C556394.EXE Dropper hash(md5): 6dee61fa86b346c6af04b3c62c556394 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

malicious (high confidence) pe1

malicious (high confidence) pe1 also known as not-a-virus:HEUR:AdWare.Win32.Generic, Adware.Installerex.A8, virus.win32.jadtre.l. MALWARE ANALYSIS OF MALICIOUS (HIGH CONFIDENCE) PE1 – 17203295CBEB941B1C8A1B3FCD5AE960.EXE Created files: %COMMON APPDATA%\{4F02809B-CCAC-D5BB-4F02-2809BCCA026F}\CE58FBA10789F1BB %COMMON APPDATA%\{4F02809B-CCAC-D5BB-4F02-2809BCCA026F}\17203295CBEB941B1C8A1B3FCD5AE960.DAT %COMMON APPDATA%\{4F02809B-CCAC-D5BB-4F02-2809BCCA026F}\17203295CBEB941B1C8A1B3FCD5AE960.EXE %SYSDIR%\TASKS\PROJECTORCONTROL %WINDIR%\TASKS\PROJECTORCONTROL.JOB Detected by UnHackMe: 17203295CBEB941B1C8A1B3FCD5AE960.EXE DEFAULT LOCATION: %COMMON APPDATA%\{4F02809B-CCAC-D5BB-4F02-2809BCCA026F}\17203295CBEB941B1C8A1B3FCD5AE960.EXE Dropper hash(md5): 17203295cbeb941b1c8a1b3fcd5ae960 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe…

Artemis!3BEB4C07187A

Artemis!3BEB4C07187A also known as Trojan.Win32.Generic!BT, TROJ_GEN.R00XC0OAR17, Adware.GenericKDCRTD.Win32.6052. Malware Analysis of Artemis!3BEB4C07187A – SCMBMANAGER.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…

Riskware ( 004de7e01 )

Riskware ( 004de7e01 ) also known as Trojan/Win32.BTSGeneric, Artemis!PUP, malicious (moderate confidence). Malware Analysis of Riskware ( 004de7e01 ) – YX_YXS_AB.EXE Created files: %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE %APPDATA%\SETUP_ZNYKB050.EXE %APPDATA%\YX_YXS_AB.EXE %APPDATA%\?A?E?A.ICO %PROFILE%\DESKTOP\360????.LNK Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\:…

Ransom:Win32/Milicry.A

Ransom:Win32/Milicry.A also known as Trojan.Generic.D461E6D, Win32:Malware-gen, Trojan.GenericKD.4595309. Malware Analysis of Ransom:Win32/Milicry.A – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

BKDR_ZEGOST.SM13

BKDR_ZEGOST.SM13 also known as Trojan.Win32.Injector, Trojan.Win32.Rbot.ellhso, Trojan/Win32.Zegost.R196288. Malware Analysis of BKDR_ZEGOST.SM13 – UPDATE.COM Created files: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP %SYSTEMDRIVE%\UPDATE.COM %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: “%SYSTEMDRIVE%\UPDATE.COM” HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: “Cdefgh Jklmnopq Stuvwxya Cdef” Detected by UnHackMe: UPDATE.COM DEFAULT LOCATION: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP Dropper hash(md5): 09d50103a5a653680bb5e1b201b76f4d UnHackMe removes malware invisible for your…

GenericR-JLF!12C6A555B5DD

GenericR-JLF!12C6A555B5DD also known as Trojan.GenericKD.4595309, Trojan.Win32.Generic!BT. Malware Analysis of GenericR-JLF!12C6A555B5DD – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…

Ransom.SageCrypt!8.E42C (cloud:U9BlmGjtVxI)

Ransom.SageCrypt!8.E42C (cloud:U9BlmGjtVxI) also known as Ransom.SageLocker, Trojan.Win32.Filecoder, Atros5.RXZ. Malware Analysis of Ransom.SageCrypt!8.E42C (cloud:U9BlmGjtVxI) – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

TR/Crypt.Xpack.ykxwa

TR/Crypt.Xpack.ykxwa also known as Trojan-Ransom.Win32.SageCrypt.asr, Trj/CI.A, Ransom:Win32/Milicry.A. Malware Analysis of TR/Crypt.Xpack.ykxwa – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Linkury.EVD

Linkury.EVD also known as Trojan.Win32.Generic!BT, PUP.Linkury/Variant, Malware.Generic.d!tfe (cloud:ua6rN5zIMCR) . Malware Analysis of Linkury.EVD – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 UnHackMe removes malware invisible for your antivirus! UnHackMe…

Win32.Application.Agent.KIWYS7

Win32.Application.Agent.KIWYS7 also known as Trojan.Gen.2, Win32/Virus.Adware.ec4, Downloader.Morstar.Win32.888. Malware Analysis of Win32.Application.Agent.KIWYS7 – BEEHEIEEHD.EXE Created files: %TEMP%\WER3E9D.TMP.MDMP %TEMP%\WERF44E.TMP.WERINTERNALMETADATA.XML %TEMP%\BEEHEIEEHD.EXE %TEMP%\ICACHE-04044202.TMP %TEMP%\ILIST-00000000.TMP Detected by UnHackMe: BEEHEIEEHD.EXE DEFAULT LOCATION: %TEMP%\BEEHEIEEHD.EXE Dropper hash(md5): 13e7265d2b37bef83f1b618ae607d177 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Win32/Filecoder.NHQ

Win32/Filecoder.NHQ also known as malicious (moderate confidence), Trojan[Ransom]/Win32.SageCrypt, Trojan.GenericKD.4595309 (B). Malware Analysis of Win32/Filecoder.NHQ – WDBVQ5VJ.EXE Created files: %APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT %APPDATA%\F1.HTA %APPDATA%\WDBVQ5VJ.EXE %APPDATA%\XJ0IRWTW.TMP %PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA Detected by UnHackMe: WDBVQ5VJ.EXE DEFAULT LOCATION: %APPDATA%\WDBVQ5VJ.EXE Dropper hash(md5): 12c6a555b5ddbfb1106159320c06c390 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Suspicious_Gen3.VQG

Suspicious_Gen3.VQG also known as Win32:Adware-gen [Adw], Adware.Cdnup.A, CNav. Malware Analysis of Suspicious_Gen3.VQG – SETUP-REAL.EXE Created files: %TEMP%\~RNSETUP\CLNTXRES.DLL %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL Autostart registry keys: HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: “%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll” Detected by UnHackMe: SETUP-REAL.EXE DEFAULT LOCATION: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE Dropper hash(md5): 115953246b798695c685478ca4497e9a UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Malware.Generic.d!tfe (cloud:ua6rN5zIMCR)

Malware.Generic.d!tfe (cloud:ua6rN5zIMCR) also known as TROJ_GEN.R01BC0ECB17, Adware ( 005017e31 ), static engine – malicious. Malware Analysis of Malware.Generic.d!tfe (cloud:ua6rN5zIMCR) – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 UnHackMe removes…

Generic_r.RBI

Generic_r.RBI also known as Trojan.GenericKD.4564741 (B), Backdoor.Trojan, Trojan.Win32.Generic!BT. Malware Analysis of Generic_r.RBI – UPDATE.COM Created files: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP %SYSTEMDRIVE%\UPDATE.COM %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: “%SYSTEMDRIVE%\UPDATE.COM” HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: “Cdefgh Jklmnopq Stuvwxya Cdef” Detected by UnHackMe: UPDATE.COM DEFAULT LOCATION: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP Dropper hash(md5): 09d50103a5a653680bb5e1b201b76f4d UnHackMe removes malware invisible for…

Generic38.ALCQ

Generic38.ALCQ also known as BehavesLike.Win32.BrowseFox.hh, Mal/Generic-S, Trojan.Generic.20310542. Malware Analysis of Generic38.ALCQ – X0IJ2L.EXE Created files: %SYSDIR%\62631.NLS %SYSDIR%\X0IJ2L.EXE Detected by UnHackMe: X0IJ2L.EXE Default location: %SYSDIR%\X0IJ2L.EXE Dropper hash(md5): 124848b137a9763a1400aeebed295255 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

TR/Crypt.Xpack.kjnzd

TR/Crypt.Xpack.kjnzd also known as Trojan.Generic.20310542, Troj.W32.Gen.mhYq, MSIL.Trojan.Injector.JO. Malware Analysis of TR/Crypt.Xpack.kjnzd – X0IJ2L.EXE Created files: %SYSDIR%\62631.NLS %SYSDIR%\X0IJ2L.EXE Detected by UnHackMe: X0IJ2L.EXE Default location: %SYSDIR%\X0IJ2L.EXE Dropper hash(md5): 124848b137a9763a1400aeebed295255 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

WebToolbar.Linkury.amp

WebToolbar.Linkury.amp also known as MSIL.Application.Linkury.O, generic.ml, PUP/Win32.Linkury.R196393. Malware Analysis of WebToolbar.Linkury.amp – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

MSIL.Application.Linkury.O

MSIL.Application.Linkury.O also known as not-a-virus:HEUR:WebToolbar.Win32.Linkury.gen, Pua.Agent, PUP.Optional.Linkury. Malware Analysis of MSIL.Application.Linkury.O – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

PUP.Linkury/Variant

PUP.Linkury/Variant also known as Adware ( 005017e31 ), malicious_confidence_77% (D), Riskware/Linkury. Malware Analysis of PUP.Linkury/Variant – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 UnHackMe removes malware invisible for your…

Stealer.OnLineGames!1.64DE (classic)

Stealer.OnLineGames!1.64DE (classic) also known as Win32:OnLineGames-GNB [Trj], W32/Zuten.C.gen!Eldorado. Malware Analysis of Stealer.OnLineGames!1.64DE (classic) – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Malware.Generic.5!tfe (cloud:Ko7kIYCm03R)

Malware.Generic.5!tfe (cloud:Ko7kIYCm03R) also known as a variant of Win32/Injector.CJVZ, Win32.Trojan.WisdomEyes.16070401.9500.9991, Trojan.GenericKD.4564741 (B). Malware Analysis of Malware.Generic.5!tfe (cloud:Ko7kIYCm03R) – UPDATE.COM Created files: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP %SYSTEMDRIVE%\UPDATE.COM %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: “%SYSTEMDRIVE%\UPDATE.COM” HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: “Cdefgh Jklmnopq Stuvwxya Cdef” Detected by UnHackMe: UPDATE.COM DEFAULT LOCATION: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP Dropper hash(md5): 09d50103a5a653680bb5e1b201b76f4d…

Win32.Application.Agent.LED4GR

Win32.Application.Agent.LED4GR also known as Virus/Win32.Sality.gen, W32.HfsAdware.AFDF, Dropper.AgentCRTD.Win32.7861. Malware Analysis of Win32.Application.Agent.LED4GR – YX_DTS.EXE Created files: %TEMP%\NSSD2D1.TMP\SYSTEM.DLL %TEMP%\NSSD2D1.TMP\UCBROWSER_V3.1.1644.29_4443_(BUILD14102814)_DOWNLOADER.EXE %TEMP%\NSSD2D1.TMP\YX_DTS.EXE %TEMP%\NSX1004.TMP\BG.BMP %TEMP%\NSX1004.TMP\BGWORKER.DLL Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: “”%Program Files%\Rising\RSD\popwndexe.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: “Rising Software Deployment System” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: “”%Program Files%\Rising\RSD\Setup.exe” /UNINSTALL /PRODUCT=RSD” HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: “\??\%SYSDIR%\DRIVERS\PROTREG.SYS” HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: “rsd protect” HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: “”%Program Files%\Rising\RSD\RsMgrSvc.exe”” HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName: “Rsd Service” HKLM\System\CurrentControlSet\services\sysmon\ImagePath: “system32\DRIVERS\sysmon.sys” HKLM\System\CurrentControlSet\services\sysmon\DisplayName: “sysmon” HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PPTASSIST\UNINSTALLSTRING: “%LOCAL APPDATA%\PPTASSIST\UTILITY\UNINST.EXE” HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PPTAssist\DisplayName:…

CNav

CNav also known as Win32:Adware-gen [Adw], Adware.Bdsearch (fs), Adware.Cdnup.A. Malware Analysis of CNav – SETUP-REAL.EXE Created files: %TEMP%\~RNSETUP\CLNTXRES.DLL %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL Autostart registry keys: HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: “%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll” Detected by UnHackMe: SETUP-REAL.EXE DEFAULT LOCATION: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE Dropper hash(md5): 115953246b798695c685478ca4497e9a UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…
