Category Archives: malware

W32/Kryptik.BFQM

W32/Kryptik.BFQM also known as Gen:Trojan.Heur.RP.nqW@aaU@siii, Trojan.FakeAV.

Malware Analysis of W32/Kryptik.BFQM

Created files:
%Appdata%API.class
%Appdata%cgminer.conf
%Appdata%diablo130302.cl
%Appdata%diakgcn121016.cl
%Appdata%dllhost.exe
%Appdata%dllhost2.exe
%Appdata%libcurl.dll
%Appdata%libeay32.dll
%Appdata%libidn-11.dll
%Appdata%librtmp.dll
%Appdata%libssh2.dll
%Appdata%libusb-1.0.dll
%Appdata%lkfjl23j.db
%Appdata%mainer_run.exe
%Appdata%Mozilla Firefox.lnk
%Appdata%phatk121016.cl
%Appdata%phatk121016Turksv2w128l4.bin
%Appdata%poclbm130302.cl
%Appdata%poclbm130302GeForce GTS 250v1w256l4.bin
%Appdata%poclbm130302Intel(R) HD Graphics 4000gv1w256l4.bin
%Appdata%rundll32.exe
%Appdata%scrypt130302.cl
%Appdata%ssleay32.dll
%Appdata%subid.dll
%Appdata%svchost.exe
%Appdata%tmp.vbs
%Appdata%unzipme_miner-files.zip
%Appdata%zlib1.dll
%Temp%Temporary Directory 1 for unzipme_miner-files.zipAPI.class
%Temp%Temporary Directory 1 for…


Generic33.CERV

Generic33.CERV also known as Win32/Kryptik.BFQM, Trojan.Downloader.FC, TROJ_GEN.R0CBC0EGL13.

Malware Analysis of Generic33.CERV

Created files:
%Appdata%API.class
%Appdata%cgminer.conf
%Appdata%diablo130302.cl
%Appdata%diakgcn121016.cl
%Appdata%dllhost.exe
%Appdata%dllhost2.exe
%Appdata%libcurl.dll
%Appdata%libeay32.dll
%Appdata%libidn-11.dll
%Appdata%librtmp.dll
%Appdata%libssh2.dll
%Appdata%libusb-1.0.dll
%Appdata%lkfjl23j.db
%Appdata%mainer_run.exe
%Appdata%Mozilla Firefox.lnk
%Appdata%phatk121016.cl
%Appdata%phatk121016Turksv2w128l4.bin
%Appdata%poclbm130302.cl
%Appdata%poclbm130302GeForce GTS 250v1w256l4.bin
%Appdata%poclbm130302Intel(R) HD Graphics 4000gv1w256l4.bin
%Appdata%rundll32.exe
%Appdata%scrypt130302.cl
%Appdata%ssleay32.dll
%Appdata%subid.dll
%Appdata%svchost.exe
%Appdata%tmp.vbs
%Appdata%unzipme_miner-files.zip
%Appdata%zlib1.dll
%Temp%Temporary Directory 1 for unzipme_miner-files.zipAPI.class
%Temp%Temporary Directory 1…


Artemis!3BC6F91EE327

Artemis!3BC6F91EE327 also known as TR/Kilim.C.3, Win32.Troj.Undef.(kcloud).

Malware Analysis of Artemis!3BC6F91EE327

Created files:
%Local Appdata%GoogleChromeUser DataDefaultExtension Rules00003.log
%Local Appdata%GoogleChromeUser DataDefaultExtension RulesCURRENT
%Local Appdata%GoogleChromeUser DataDefaultExtension RulesLOCK
%Local Appdata%GoogleChromeUser DataDefaultExtension RulesLOG
%Local Appdata%GoogleChromeUser DataDefaultExtension RulesMANIFEST-000002
%Local Appdata%GoogleChromeUser DataDefaultPreferences.bad
%WinDir%FlashTopiaFlashMedia.exe
%WinDir%FlashTopiaPref2.dat

Detected by UnHackMe: FLASHMEDIA.EXE
Default location: %WinDir%FLASHTOPIAFLASHMEDIA.EXE

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with…


TR/Kilim.C.3

TR/Kilim.C.3 also known as Trojan.Agent.AI, W32/AutoHK.F!tr.dldr, Win32.Troj.Undef.(kcloud).

Malware Analysis of TR/Kilim.C.3

Created files:
%Local Appdata%GoogleChromeUser DataDefaultExtension Rules00003.log
%Local Appdata%GoogleChromeUser DataDefaultExtension RulesCURRENT
%Local Appdata%GoogleChromeUser DataDefaultExtension RulesLOCK
%Local Appdata%GoogleChromeUser DataDefaultExtension RulesLOG
%Local Appdata%GoogleChromeUser DataDefaultExtension RulesMANIFEST-000002
%Local Appdata%GoogleChromeUser DataDefaultPreferences.bad
%WinDir%FlashTopiaFlashMedia.exe
%WinDir%FlashTopiaPref2.dat

Detected by UnHackMe: FLASHMEDIA.EXE
Default location: %WinDir%FLASHTOPIAFLASHMEDIA.EXE

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…


W32/AutoHK.F!tr.dldr

W32/AutoHK.F!tr.dldr also known as Generic8_c.BOSH, Trojan/Win32.Generic, Win32.Troj.Undef.(kcloud).

Malware Analysis of W32/AutoHK.F!tr.dldr

Created files:
%Local Appdata%GoogleChromeUser DataDefaultExtension Rules00003.log
%Local Appdata%GoogleChromeUser DataDefaultExtension RulesCURRENT
%Local Appdata%GoogleChromeUser DataDefaultExtension RulesLOCK
%Local Appdata%GoogleChromeUser DataDefaultExtension RulesLOG
%Local Appdata%GoogleChromeUser DataDefaultExtension RulesMANIFEST-000002
%Local Appdata%GoogleChromeUser DataDefaultPreferences.bad
%WinDir%FlashTopiaFlashMedia.exe
%WinDir%FlashTopiaPref2.dat

Detected by UnHackMe: FLASHMEDIA.EXE
Default location: %WinDir%FLASHTOPIAFLASHMEDIA.EXE

UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

