Category Archives: malware

SHeur.AM

Also known as: OScope.Adware.GV.Cdn, Adware.Cdnup.A, TrojWare.Win32.Pakes.lmb.

Malware Analysis of SHeur.AM – SETUP-REAL.EXE

Created files:
%TEMP%\~RNSETUP\CLNTXRES.DLL
%TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL
%TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
%TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC
%TEMP%\~RNSETUP\COMMON\RPPR3260.DLL

Autostart registry keys:
HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: "%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"

Detected by UnHackMe: SETUP-REAL.EXE
Default location: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
Dropper hash (MD5): 115953246b798695c685478ca4497e9a

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

pws.win32.zakahic.a

Also known as: TROJ_GEN.R0E3C0DAD17, Gen:Variant.Symmi.14354, Gen:Variant.Symmi.14354.

Malware Analysis of pws.win32.zakahic.a – SYSJFZR.DLL

Created files:
%SYSDIR%\SPORDER.DLL
%SYSDIR%\SYSJFZR.DLL
%SYSDIR%\TMD625.DLL

Detected by UnHackMe: SYSJFZR.DLL
Default location: %SYSDIR%\SYSJFZR.DLL
Dropper hash (MD5): 0884215e0301abe2e4dc2f5a82edeaf5

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…

Ransom.Cry

Also known as: Trojan.SageCrypt!, Mal/Generic-S, W32/SageCrypt.ASR!tr.

Malware Analysis of Ransom.Cry – WDBVQ5VJ.EXE

Created files:
%APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT
%APPDATA%\F1.HTA
%APPDATA%\WDBVQ5VJ.EXE
%APPDATA%\XJ0IRWTW.TMP
%PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA

Detected by UnHackMe: WDBVQ5VJ.EXE
Default location: %APPDATA%\WDBVQ5VJ.EXE
Dropper hash (MD5): 12c6a555b5ddbfb1106159320c06c390

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Artemis!4A8EF5BB1F0E

Also known as: Win32/Trojan.GameThief.baa, W32/Zuten.C.gen!Eldorado, HEUR:Trojan.Win32.Generic.

Malware Analysis of Artemis!4A8EF5BB1F0E – SYSJFZR.DLL

Created files:
%SYSDIR%\SPORDER.DLL
%SYSDIR%\SYSJFZR.DLL
%SYSDIR%\TMD625.DLL

Detected by UnHackMe: SYSJFZR.DLL
Default location: %SYSDIR%\SYSJFZR.DLL
Dropper hash (MD5): 0884215e0301abe2e4dc2f5a82edeaf5

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…

Dropper.AgentCRTD.Win32.7861

Also known as: Artemis!D3F054DE4C81, malicious (high confidence), a variant of Win32/Wews87.A potentially unwanted.

Malware Analysis of Dropper.AgentCRTD.Win32.7861 – YX_DTS.EXE

Created files:
%TEMP%\NSSD2D1.TMP\SYSTEM.DLL
%TEMP%\NSSD2D1.TMP\UCBROWSER_V3.1.1644.29_4443_(BUILD14102814)_DOWNLOADER.EXE
%TEMP%\NSSD2D1.TMP\YX_DTS.EXE
%TEMP%\NSX1004.TMP\BG.BMP
%TEMP%\NSX1004.TMP\BGWORKER.DLL

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: ""%Program Files%\Rising\RSD\popwndexe.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: "Rising Software Deployment System"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: ""%Program Files%\Rising\RSD\Setup.exe" /UNINSTALL /PRODUCT=RSD"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: "\??\%SYSDIR%\DRIVERS\PROTREG.SYS"
HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: "rsd protect"
HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: ""%Program Files%\Rising\RSD\RsMgrSvc.exe""
HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName: "Rsd Service"
HKLM\System\CurrentControlSet\services\sysmon\ImagePath:…

a variant of Win32/RiskWare.LTLogger.A

Also known as: malicious (high confidence), Generic PUA LE (PUA).

Malware Analysis of a variant of Win32/RiskWare.LTLogger.A – 9377MYCS_Y_MGAZ2_01.EXE

Created files:
%TEMP%\INS1256858.EXE.LOG
%TEMP%\NSSD2D1.TMP\1.RAR
%TEMP%\NSSD2D1.TMP\9377MYCS_Y_MGAZ2_01.EXE
%TEMP%\NSSD2D1.TMP\BASE64.DLL
%TEMP%\NSSD2D1.TMP\F1023_S_30974.EXE

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: ""%Program Files%\Rising\RSD\popwndexe.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: "Rising Software Deployment System"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: ""%Program Files%\Rising\RSD\Setup.exe" /UNINSTALL /PRODUCT=RSD"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: "\??\%SYSDIR%\DRIVERS\PROTREG.SYS"
HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: "rsd protect"
HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: ""%Program Files%\Rising\RSD\RsMgrSvc.exe""
HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName:…

Pua.Agent

Also known as: WebToolbar.Linkury.amp, RDN/Generic PUP.x, Malware.Generic.d!tfe (cloud:ua6rN5zIMCR).

Malware Analysis of Pua.Agent – NETTRANS.EXE

Created files:
%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE
%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML

Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: "%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE"
HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: "Prefers Secure"

Detected by UnHackMe: NETTRANS.EXE
Default location: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE
Dropper hash (MD5): 4fa73ad05d5a1156a69d2a1e63274d05

UnHackMe removes malware invisible to your antivirus!…

Win.Packed.Confuser-6042561-0

Also known as: trojan.win32.skeeyah.a!rfn, Win32.Trojan.WisdomEyes.16070401.9500.9984, Generic38.ALCQ.

Malware Analysis of Win.Packed.Confuser-6042561-0 – X0IJ2L.EXE

Created files:
%SYSDIR%\62631.NLS
%SYSDIR%\X0IJ2L.EXE

Detected by UnHackMe: X0IJ2L.EXE
Default location: %SYSDIR%\X0IJ2L.EXE
Dropper hash (MD5): 124848b137a9763a1400aeebed295255

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

ADSPY/Cdnup.A.1

Also known as: Trojan.Win32.Pakes.lmb, Adware.Cdnup!RDqouidOmx0, Adware.Cdn.

Malware Analysis of ADSPY/Cdnup.A.1 – SETUP-REAL.EXE

Created files:
%TEMP%\~RNSETUP\CLNTXRES.DLL
%TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL
%TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
%TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC
%TEMP%\~RNSETUP\COMMON\RPPR3260.DLL

Autostart registry keys:
HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: "%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"

Detected by UnHackMe: SETUP-REAL.EXE
Default location: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
Dropper hash (MD5): 115953246b798695c685478ca4497e9a

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

RiskWare[WebToolbar]/Win32.Linkury

Also known as: W32/Trojan.YYWZ-5829, Adware ( 005017e31 ), Generic PUA OC (PUA).

Malware Analysis of RiskWare[WebToolbar]/Win32.Linkury – NETTRANS.EXE

Created files:
%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE
%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT
%COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML

Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: "%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE"
HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: "Prefers Secure"

Detected by UnHackMe: NETTRANS.EXE
Default location: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE
Dropper hash (MD5): 4fa73ad05d5a1156a69d2a1e63274d05

UnHackMe removes malware invisible…

Pua.Downloadmanager

Malware Analysis of Pua.Downloadmanager – 2STIPR0IN8.DLL

Created files:
%TEMP%\X5GZKZVKCXL9XONGQUG\1GTMD4WRD.DLL
%TEMP%\X5GZKZVKCXL9XONGQUG\2STIPR0IN8.DLL
%TEMP%\X5GZKZVKCXL9XONGQUG\LUA51.DLL
%TEMP%\X5GZKZVKCXL9XONGQUG\YZVWSSXXCDUUKLWXNNRSDEBC90VWFF90IJ.DLL

Detected by UnHackMe: 2STIPR0IN8.DLL
Default location: %TEMP%\X5GZKZVKCXL9XONGQUG\2STIPR0IN8.DLL
Dropper hash (MD5): 10d7f38bfd7f07e009e1266ba6addc6c

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans…

Riskware.Win32.MultiPlug.dvlvbk

Also known as: a variant of Win32/Adware.MultiPlug.NX, Gen:Variant.Razy.14008, Gen:Variant.Razy.14008.

Malware Analysis of Riskware.Win32.MultiPlug.dvlvbk – 12D2DAA95882E6387935EFA323F72277.EXE

Created files:
%COMMON APPDATA%\{6D0A8341-1C92-BD42-6D0A-A83411C90D04}\FEF647D362669742
%COMMON APPDATA%\{6D0A8341-1C92-BD42-6D0A-A83411C90D04}\12D2DAA95882E6387935EFA323F72277.DAT
%COMMON APPDATA%\{6D0A8341-1C92-BD42-6D0A-A83411C90D04}\12D2DAA95882E6387935EFA323F72277.EXE
%SYSDIR%\TASKS\RESTOSCANNER
%WINDIR%\TASKS\RESTOSCANNER.JOB

Detected by UnHackMe: 12D2DAA95882E6387935EFA323F72277.EXE
Default location: %COMMON APPDATA%\{6D0A8341-1C92-BD42-6D0A-A83411C90D04}\12D2DAA95882E6387935EFA323F72277.EXE
Dropper hash (MD5): 12d2daa95882e6387935efa323f72277

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

HW32.Packed.9582

Also known as: not-a-virus:HEUR:AdWare.Win32.Generic, Application.Win32.MultiPlug.HE.

Malware Analysis of HW32.Packed.9582 – 12D2DAA95882E6387935EFA323F72277.EXE

Created files:
%COMMON APPDATA%\{6D0A8341-1C92-BD42-6D0A-A83411C90D04}\FEF647D362669742
%COMMON APPDATA%\{6D0A8341-1C92-BD42-6D0A-A83411C90D04}\12D2DAA95882E6387935EFA323F72277.DAT
%COMMON APPDATA%\{6D0A8341-1C92-BD42-6D0A-A83411C90D04}\12D2DAA95882E6387935EFA323F72277.EXE
%SYSDIR%\TASKS\RESTOSCANNER
%WINDIR%\TASKS\RESTOSCANNER.JOB

Detected by UnHackMe: 12D2DAA95882E6387935EFA323F72277.EXE
Default location: %COMMON APPDATA%\{6D0A8341-1C92-BD42-6D0A-A83411C90D04}\12D2DAA95882E6387935EFA323F72277.EXE
Dropper hash (MD5): 12d2daa95882e6387935efa323f72277

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Generic6.DSK

Also known as: Gen:Variant.Adware.Mplug.21, Unwanted-Program ( 0040f9bc1 ).

Malware Analysis of Generic6.DSK – 5E9B4EBD92087713A27615C5980EED7B.EXE

Created files:
%TEMP%\DFCB16C9D061\IMAGES\LOADER.GIF
%TEMP%\DFCB16C9D061\IMAGES\PROGRESSBAR.GIF
%TEMP%\DFCB16C9D061\TEMP\BG.CA
%TEMP%\DFCB16C9D061\TEMP\5E9B4EBD92087713A27615C5980EED7B.EXE

Detected by UnHackMe: 5E9B4EBD92087713A27615C5980EED7B.EXE
Default location: %TEMP%\DFCB16C9D061\TEMP\5E9B4EBD92087713A27615C5980EED7B.EXE
Dropper hash (MD5): 5e9b4ebd92087713a27615c5980eed7b

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain…

HW32.Packed.E343

Also known as: Gen:Variant.Adware.Mplug.21 (B), Gen:Variant.Adware.Mplug.21, Unwanted-Program ( 0040f9bc1 ).

Malware Analysis of HW32.Packed.E343 – 5E9B4EBD92087713A27615C5980EED7B.EXE

Created files:
%TEMP%\DFCB16C9D061\IMAGES\LOADER.GIF
%TEMP%\DFCB16C9D061\IMAGES\PROGRESSBAR.GIF
%TEMP%\DFCB16C9D061\TEMP\BG.CA
%TEMP%\DFCB16C9D061\TEMP\5E9B4EBD92087713A27615C5980EED7B.EXE

Detected by UnHackMe: 5E9B4EBD92087713A27615C5980EED7B.EXE
Default location: %TEMP%\DFCB16C9D061\TEMP\5E9B4EBD92087713A27615C5980EED7B.EXE
Dropper hash (MD5): 5e9b4ebd92087713a27615c5980eed7b

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Riskware.Win32.MultiPlug.dkvptv

Also known as: Gen:Variant.Adware.Mplug.21, Gen:Variant.Adware.Mplug.21, Generic6.DSK.

Malware Analysis of Riskware.Win32.MultiPlug.dkvptv – 5E9B4EBD92087713A27615C5980EED7B.EXE

Created files:
%TEMP%\DFCB16C9D061\IMAGES\LOADER.GIF
%TEMP%\DFCB16C9D061\IMAGES\PROGRESSBAR.GIF
%TEMP%\DFCB16C9D061\TEMP\BG.CA
%TEMP%\DFCB16C9D061\TEMP\5E9B4EBD92087713A27615C5980EED7B.EXE

Detected by UnHackMe: 5E9B4EBD92087713A27615C5980EED7B.EXE
Default location: %TEMP%\DFCB16C9D061\TEMP\5E9B4EBD92087713A27615C5980EED7B.EXE
Dropper hash (MD5): 5e9b4ebd92087713a27615c5980eed7b

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…

Win32/BDSearch

Also known as: Adware.Cdnup.A, W32/Trojan.ZCAP-9292, Adware.Cdnup!RDqouidOmx0.

Malware Analysis of Win32/BDSearch – SETUP-REAL.EXE

Created files:
%TEMP%\~RNSETUP\CLNTXRES.DLL
%TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL
%TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
%TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC
%TEMP%\~RNSETUP\COMMON\RPPR3260.DLL

Autostart registry keys:
HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: "%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"

Detected by UnHackMe: SETUP-REAL.EXE
Default location: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE
Dropper hash (MD5): 115953246b798695c685478ca4497e9a

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Ransom.Milicry

Also known as: Trojan.GenericKD.4595309, Trojan.GenericKD.4595309, Trojan.GenericKD.4595309.

Malware Analysis of Ransom.Milicry – WDBVQ5VJ.EXE

Created files:
%APPDATA%\MICROSOFT\SPEECH\FILES\USERLEXICONS\SP_FD36C5FB2CA14DDE905F1D1CE579247C.DAT
%APPDATA%\F1.HTA
%APPDATA%\WDBVQ5VJ.EXE
%APPDATA%\XJ0IRWTW.TMP
%PROFILE%\DESKTOP\WARRIOR\!HELP_SOS.HTA

Detected by UnHackMe: WDBVQ5VJ.EXE
Default location: %APPDATA%\WDBVQ5VJ.EXE
Dropper hash (MD5): 12c6a555b5ddbfb1106159320c06c390

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Artemis!66233F5FFCFF

Also known as: Riskware.Agent!, W32.Malware.Gen.

Malware Analysis of Artemis!66233F5FFCFF – INS1256858.EXE

Created files:
%COMMON APPDATA%\RISING\RAC\RAV.INI
%TEMP%\DD5F92973F5A145EF5DA0F32B5E0A39A.JSON
%TEMP%\INS1256858.EXE.LOG
%TEMP%\NSSD2D1.TMP\1.RAR
%TEMP%\NSSD2D1.TMP\9377MYCS_Y_MGAZ2_01.EXE

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: ""%Program Files%\Rising\RSD\popwndexe.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: "Rising Software Deployment System"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: ""%Program Files%\Rising\RSD\Setup.exe" /UNINSTALL /PRODUCT=RSD"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: "\??\%SYSDIR%\DRIVERS\PROTREG.SYS"
HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: "rsd protect"
HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: ""%Program Files%\Rising\RSD\RsMgrSvc.exe""
HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName: "Rsd Service"
HKLM\System\CurrentControlSet\services\sysmon\ImagePath: "system32\DRIVERS\sysmon.sys"
HKLM\System\CurrentControlSet\services\sysmon\DisplayName: "sysmon"
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PPTASSIST\UNINSTALLSTRING: "%LOCAL APPDATA%\PPTASSIST\UTILITY\UNINST.EXE"
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PPTAssist\DisplayName:…

TR/Crypt.ZPACK.jwdqb

Also known as: Trojan.Zusy.D3615C, Trojan/Win32.AGeneric, Malware.Generic.5!tfe (cloud:l7TNbEpSZ1V).

Malware Analysis of TR/Crypt.ZPACK.jwdqb – DECLIENT.EXE

Created files:
%TEMP%\WERD8EB.TMP.WERINTERNALMETADATA.XML
%TEMP%\WERE698.TMP.APPCOMPAT.TXT
%TEMP%\WERE800.TMP.MDMP
%WINDIR%\DECLIENT.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\REFLWORKASSIST: "%WINDIR%\DECLIENT.EXE"

Detected by UnHackMe: DECLIENT.EXE
Default location: %WinDir%\DECLIENT.EXE
Dropper hash (MD5): 06679fdddaca836a955cf3da256d76ed

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…

DDoSTool.Agent

Also known as: Trojan/Generic.azxeg, Gen:Variant.Zusy.221532 (B), Trojan.Gen.

Malware Analysis of DDoSTool.Agent – DECLIENT.EXE

Created files:
%TEMP%\WERD8EB.TMP.WERINTERNALMETADATA.XML
%TEMP%\WERE698.TMP.APPCOMPAT.TXT
%TEMP%\WERE800.TMP.MDMP
%WINDIR%\DECLIENT.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\REFLWORKASSIST: "%WINDIR%\DECLIENT.EXE"

Detected by UnHackMe: DECLIENT.EXE
Default location: %WinDir%\DECLIENT.EXE
Dropper hash (MD5): 06679fdddaca836a955cf3da256d76ed

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means…

DDOS_ZANICH.SM

Also known as: Trojan ( 004314201 ), Gen:Variant.Zusy.221532 (B), HEUR:Trojan.Win32.Generic.

Malware Analysis of DDOS_ZANICH.SM – DECLIENT.EXE

Created files:
%TEMP%\WERD8EB.TMP.WERINTERNALMETADATA.XML
%TEMP%\WERE698.TMP.APPCOMPAT.TXT
%TEMP%\WERE800.TMP.MDMP
%WINDIR%\DECLIENT.EXE

Autostart registry keys:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\REFLWORKASSIST: "%WINDIR%\DECLIENT.EXE"

Detected by UnHackMe: DECLIENT.EXE
Default location: %WinDir%\DECLIENT.EXE
Dropper hash (MD5): 06679fdddaca836a955cf3da256d76ed

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100%…

Riskware.Win32.OutBrowse.dtmevz

Also known as: OutBrowse Revenyou (PUA), PUP.Adware.OutBrowse, PUP-FXQ.

Malware Analysis of Riskware.Win32.OutBrowse.dtmevz – F.EXE

Created files:
%TEMP%\F.EXE
%TEMP%\NSFCB40.TMP\CONVERT.DLL
%TEMP%\WER3341.TMP.WERINTERNALMETADATA.XML
%TEMP%\WER3B9F.TMP.APPCOMPAT.TXT
%TEMP%\WER4072.TMP.MDMP

Detected by UnHackMe: F.EXE
Default location: %TEMP%\F.EXE
Dropper hash (MD5): 061190930f35d7041d942862b2018974

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not…

Artemis!0570296233E2

Also known as: Trojan.Generic.DE410EB, Trojan.Win32.Injector.eajghb, Trojan.Generic.14946539 (B).

Malware Analysis of Artemis!0570296233E2 – DATA.DLL

Created files:
%Program Files%\data.dll
%Program Files%\gif.png
%Program Files%\Ping_Master_Pro.exe

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\strlenW: "%Program Files%\Ping_Master_Pro.exe"

Detected by UnHackMe: DATA.DLL
Default location: %PROGRAM FILES%\DATA.DLL
Dropper hash (MD5): 08c5c16e4c97247c78f538f7165a4ce2

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is…

W32/Reconyc.D!tr

Also known as: Trojan.Generic.D104FBE0, Trojan.Generic.17103840, Trojan.Python.Ircbot.

Malware Analysis of W32/Reconyc.D!tr – MSDS.EXE

Created files:
%TEMP%\_MEI39602\MICROSOFT.VC90.CRT.MANIFEST
%TEMP%\_MEI39602\MICROSOFT.VC90.MFC.MANIFEST
%TEMP%\_MEI39602\MSDS.EXE.MANIFEST
%TEMP%\_MEI39602\MSVCM90.DLL
%TEMP%\_MEI39602\MSVCP90.DLL

Detected by UnHackMe: MSDS.EXE
Default location: %TEMP%\_MEI39602\MSDS.EXE.MANIFEST
Dropper hash (MD5): 063f30f0b88bbb45e04934e043a67255

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Generic8.DFQ

Also known as: malicious_confidence_100% (D), a variant of Win32/Adware.HPDefender.ZZ, Trojan.Gen.8.

Malware Analysis of Generic8.DFQ – CPUZAPP.EXE

Created files:
%TEMP%\NSHD0BE.TMP\NSPROCESS.DLL
%APPDATA%\CPUZAPP\CPUZAPP\CPUZ_X32.EXE
%APPDATA%\CPUZAPP\CPUZAPP.EXE
%APPDATA%\CPUZAPP\UNINSTALLER.EXE
%PROFILE%\DESKTOP\CPUZ_X32.LNK

Detected by UnHackMe: CPUZAPP.EXE
Default location: %APPDATA%\CPUZAPP\CPUZAPP.EXE
Dropper hash (MD5): 0213e7add3ba2b793405c592fdbe3330

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

TR/Dropper.A.33420

Also known as: Trojan.Encoder.3999, Trojan.GenericKD.3062831, Trojan.GenericKD.3062831.

Malware Analysis of TR/Dropper.A.33420 – SQPIEPHIJUGG.EXE

Created files:
%SYSTEMDRIVE%\USERS\RECOVERY+CIFFC.PNG
%SYSTEMDRIVE%\USERS\RECOVERY+CIFFC.TXT
%WINDIR%\SQPIEPHIJUGG.EXE

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ACOWCKNYTHDX: "%SYSDIR%\CMD.EXE /C START "" "%WINDIR%\SQPIEPHIJUGG.EXE""

Detected by UnHackMe: SQPIEPHIJUGG.EXE
Default location: %WinDir%\SQPIEPHIJUGG.EXE
Dropper hash (MD5): 039cc6b27dbe8ac72b8764e57c6d0a3f

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Python/IRCBot.D

Also known as: trojan.python.kaazar.a, Trojan/Spy.Agent.g, W32/Reconyc.D!tr.

Malware Analysis of Python/IRCBot.D – MSDS.EXE

Created files:
%TEMP%\_MEI39602\MICROSOFT.VC90.CRT.MANIFEST
%TEMP%\_MEI39602\MICROSOFT.VC90.MFC.MANIFEST
%TEMP%\_MEI39602\MSDS.EXE.MANIFEST
%TEMP%\_MEI39602\MSVCM90.DLL
%TEMP%\_MEI39602\MSVCP90.DLL

Detected by UnHackMe: MSDS.EXE
Default location: %TEMP%\_MEI39602\MSDS.EXE.MANIFEST
Dropper hash (MD5): 063f30f0b88bbb45e04934e043a67255

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

TeslaCrypt!039CC6B27DBE

Also known as: BehavesLike.Win32.Downloader.dh, Trojan.GenericKD.3062831, Trojan.GenericKD.3062831.

Malware Analysis of TeslaCrypt!039CC6B27DBE – SQPIEPHIJUGG.EXE

Created files:
%SYSTEMDRIVE%\USERS\RECOVERY+CIFFC.PNG
%SYSTEMDRIVE%\USERS\RECOVERY+CIFFC.TXT
%WINDIR%\SQPIEPHIJUGG.EXE

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ACOWCKNYTHDX: "%SYSDIR%\CMD.EXE /C START "" "%WINDIR%\SQPIEPHIJUGG.EXE""

Detected by UnHackMe: SQPIEPHIJUGG.EXE
Default location: %WinDir%\SQPIEPHIJUGG.EXE
Dropper hash (MD5): 039cc6b27dbe8ac72b8764e57c6d0a3f

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

a variant of Win32/Kryptik.EOZI

Also known as: TrojanProxy.Lethic.hr, Trojan.GenericKD.3062831, Trojan.GenericKD.3062831.

Malware Analysis of a variant of Win32/Kryptik.EOZI – SQPIEPHIJUGG.EXE

Created files:
%SYSTEMDRIVE%\USERS\RECOVERY+CIFFC.PNG
%SYSTEMDRIVE%\USERS\RECOVERY+CIFFC.TXT
%WINDIR%\SQPIEPHIJUGG.EXE

Autostart registry keys:
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ACOWCKNYTHDX: "%SYSDIR%\CMD.EXE /C START "" "%WINDIR%\SQPIEPHIJUGG.EXE""

Detected by UnHackMe: SQPIEPHIJUGG.EXE
Default location: %WinDir%\SQPIEPHIJUGG.EXE
Dropper hash (MD5): 039cc6b27dbe8ac72b8764e57c6d0a3f

UnHackMe removes malware invisible to your antivirus! UnHackMe is compatible with most…
