Artemis!D641DA72446C also known as Artemis!PUP, Trojan.Win32.Generic!BT, Trojan.Gen.2. Malware Analysis of Artemis!D641DA72446C – YX_YXS_AB.EXE Created files: %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE %APPDATA%\SETUP_ZNYKB050.EXE %APPDATA%\YX_YXS_AB.EXE %APPDATA%\?A?E?A.ICO %PROFILE%\DESKTOP\360????.LNK Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll” HKLM\Software\Classes\CLSID\{10AFB451-4816-48A1-8DDD-0F9595EB9F67}\InProcServer32\: “%Program…

Artemis!1B3EE3F64FF3

March 31, 2017

NightWatcher

malware No Comments

Artemis!1B3EE3F64FF3 also known as Riskware/Softcnapp, W32.Adware.Gen, Trojan.Win32.Generic!BT. Malware Analysis of Artemis!1B3EE3F64FF3 – SCMINI.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…

Continue reading →

Win32.Trojan.WisdomEyes.16070401.9500.9520

March 31, 2017

NightWatcher

Trojan No Comments

Malware Analysis of Win32.Trojan.WisdomEyes.16070401.9500.9520 – SAFE505.EXE Created files: %Program Files%\360\360Safe\safemon\RouterSafeTpi.tpi %Program Files%\360\360Safe\safemon\safe505.dll %Program Files%\360\360Safe\safemon\safe505.exe %Program Files%\360\360Safe\safemon\safehmpg.dll %Program Files%\360\360Safe\safemon\safehmpg.ini Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll” HKLM\Software\Classes\CLSID\{10AFB451-4816-48A1-8DDD-0F9595EB9F67}\InProcServer32\: “%Program Files%\360\360Safe\Utils\npaxlogin.dll” HKLM\SOFTWARE\CLASSES\CLSID\{12793398-A212-446F-BA1E-1F1B5ABDB89C}\SHELL\OPEN\COMMAND\:…

Continue reading →

TrojWare.Win32.Trojan.Generic.~

March 31, 2017

NightWatcher

Trojan No Comments

TrojWare.Win32.Trojan.Generic.~ also known as Trojan.IGENERIC, Mal/Generic-S, Trojan.Win32.Z.Razy.968404[h]. Malware Analysis of TrojWare.Win32.Trojan.Generic.~ – KP_25204.EXE Created files: %APPDATA%\IQIYI VIDEO\PSTYLE\WEBCACHE\8\WEBPAGE.HTML %APPDATA%\IQIYISETUP_QUDAO@KB133.EXE %APPDATA%\KP_25204.EXE %APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll”…

Continue reading →

Trojan.Siggen7.8828

March 31, 2017

NightWatcher

Trojan No Comments

Trojan.Siggen7.8828 also known as Win32:Malware-gen, BehavesLike.Win32.AdwareBSurf.dc, Trojan.Gen.2. Malware Analysis of Trojan.Siggen7.8828 – KP_25204.EXE Created files: %APPDATA%\IQIYI VIDEO\PSTYLE\WEBCACHE\8\WEBPAGE.HTML %APPDATA%\IQIYISETUP_QUDAO@KB133.EXE %APPDATA%\KP_25204.EXE %APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll”…

Continue reading →

Adware.GenericKDCRTD.Win32.6052

March 31, 2017

NightWatcher

Adware No Comments

Adware.GenericKDCRTD.Win32.6052 also known as Adware.Softcnapp.23, Trojan.Win32.Generic!BT, Adware.GenericKD.4588278. Malware Analysis of Adware.GenericKDCRTD.Win32.6052 – SCCLOUD.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx %Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll %Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…

Continue reading →

Adware.Generic.D4602F6

March 31, 2017

NightWatcher

Adware No Comments

Adware.Generic.D4602F6 also known as Adware.GenericKD.4588278, Adware.GenericKD.4588278, Riskware.Agent!. Malware Analysis of Adware.Generic.D4602F6 – SCCLOUD.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx %Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll %Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…

Continue reading →

Riskware/AdGazelle

March 31, 2017

NightWatcher

malware No Comments

Riskware/AdGazelle also known as PUP/Win32.Agent, Trojan.Win32.Generic!BT, TROJ_GEN.R0C1H09CF15. Malware Analysis of Riskware/AdGazelle – __0697961455D745598AEBE96EC4857809.DLL Created files: %TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP %TEMP%\NSREA12.TMP\SYSTEM.DLL %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL Dropper hash(md5): 17524b3120668319761f26b13ce4c7ba UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…

Continue reading →

TROJ_GEN.R047H0ECT17

March 31, 2017

NightWatcher

Trojan No Comments

TROJ_GEN.R047H0ECT17 also known as Artemis!9938207F09B4, W32.Adware.Gen. Malware Analysis of TROJ_GEN.R047H0ECT17 – SETUP_ZNYKB050.EXE Created files: %APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE %APPDATA%\SETUP_ZNYKB050.EXE %APPDATA%\YX_YXS_AB.EXE %APPDATA%\?A?E?A.ICO Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll” HKLM\Software\Classes\CLSID\{10AFB451-4816-48A1-8DDD-0F9595EB9F67}\InProcServer32\: “%Program…

Continue reading →

TR/Razy.yrfkc

March 31, 2017

NightWatcher

malware No Comments

TR/Razy.yrfkc also known as Trojan.ChinAd, Trojan ( 0001140e1 ), Uds.Dangerousobject.Multi!c. Malware Analysis of TR/Razy.yrfkc – KP_25204.EXE Created files: %APPDATA%\IQIYI VIDEO\PSTYLE\WEBCACHE\8\WEBPAGE.HTML %APPDATA%\IQIYISETUP_QUDAO@KB133.EXE %APPDATA%\KP_25204.EXE %APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…

Continue reading →

Win32.Trojan.WisdomEyes.16070401.9500.9830

March 31, 2017

NightWatcher

Trojan No Comments

Malware Analysis of Win32.Trojan.WisdomEyes.16070401.9500.9830 – HAMSTER.DLL Created files: %Program Files%\360\360Safe\Utils\feedback.ui %Program Files%\360\360Safe\Utils\FileSmasher.exe %Program Files%\360\360Safe\Utils\Hamster.dll %Program Files%\360\360Safe\Utils\LeakFixHelper.dll %Program Files%\360\360Safe\Utils\LeakFixHelper64.dll Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll” HKLM\Software\Classes\CLSID\{10AFB451-4816-48A1-8DDD-0F9595EB9F67}\InProcServer32\: “%Program Files%\360\360Safe\Utils\npaxlogin.dll” HKLM\SOFTWARE\CLASSES\CLSID\{12793398-A212-446F-BA1E-1F1B5ABDB89C}\SHELL\OPEN\COMMAND\:…

Continue reading →

Trojan.GenericKD.4704217 (B)

March 31, 2017

NightWatcher

Trojan No Comments

Trojan.GenericKD.4704217 (B) also known as Trojan.IGENERIC, Trojan.GenericKD.4704217, Trojan.GenericKD.4704217. Malware Analysis of Trojan.GenericKD.4704217 (B) – SCMUTUAL.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCPlan.dll %Program Files%\SmartCloudInput\1.0.6.1224\SCPlugin.dll Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program…

Continue reading →

Malware.Heuristic!ET#86% (rdm+)

March 31, 2017

NightWatcher

malware No Comments

Malware Analysis of Malware.Heuristic!ET#86% (rdm+) – VMSAFERYLMFZEZ30.EXE Created files: %TEMP%\UXASGVHKJVCWYASB.TMP %TEMP%\UXKEYUMNWIQOGBCS.TMP %TEMP%\VECTRBFLDNTGUXHH\VMSAFERYLMFZEZ30.EXE %TEMP%\VQGHIDDJEGFNBOTQ.TMP %TEMP%\VTLFGLJCMPNKLJRA\{9310504F-D19B-44F6-96A2-A487D573794F}.TMP Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll” HKLM\Software\Classes\CLSID\{10AFB451-4816-48A1-8DDD-0F9595EB9F67}\InProcServer32\: “%Program Files%\360\360Safe\Utils\npaxlogin.dll” HKLM\SOFTWARE\CLASSES\CLSID\{12793398-A212-446F-BA1E-1F1B5ABDB89C}\SHELL\OPEN\COMMAND\: “%SYSTEMROOT%\EXPLORER.EXE %SYSTEMDRIVE%\” HKLM\Software\Classes\CLSID\{12793398-A212-446F-BA1E-1F1B5ABDB89C}\InprocServer32\: “%Program…

Continue reading →

PUA.AdGazelle

March 31, 2017

NightWatcher

malware No Comments

PUA.AdGazelle also known as PUP/Win32.Agent, a variant of Win32/AdGazelle.D potentially unwanted, Trojan.Win32.Generic!BT. Malware Analysis of PUA.AdGazelle – __0697961455D745598AEBE96EC4857809.DLL Created files: %TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP %TEMP%\NSREA12.TMP\SYSTEM.DLL %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL Dropper hash(md5): 17524b3120668319761f26b13ce4c7ba UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Continue reading →

W32/Adware.PKMY-1478

March 31, 2017

NightWatcher

Adware No Comments

W32/Adware.PKMY-1478 also known as Riskware/Softcnapp, TROJ_GEN.R01BC0OAO17, Artemis!1B3EE3F64FF3. Malware Analysis of W32/Adware.PKMY-1478 – SCMINI.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…

Continue reading →

TROJ_GEN.R0C1H09CF15

March 31, 2017

NightWatcher

Trojan No Comments

TROJ_GEN.R0C1H09CF15 also known as Riskware/AdGazelle, Generic PUA DA, Trojan.Win32.Generic!BT. Malware Analysis of TROJ_GEN.R0C1H09CF15 – __0697961455D745598AEBE96EC4857809.DLL Created files: %TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP %TEMP%\NSREA12.TMP\SYSTEM.DLL %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL Dropper hash(md5): 17524b3120668319761f26b13ce4c7ba UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any…

Continue reading →

Win32.Application.Agent.1273BK

March 31, 2017

NightWatcher

malware No Comments

Win32.Application.Agent.1273BK also known as Adware.GenericKDCRTD.Win32.6052, Adware ( 004dd5ca1 ). Malware Analysis of Win32.Application.Agent.1273BK – SCMINI.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\SCImeManager.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMBManager.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program…

Continue reading →

Adware.Softcnapp.1021472[h]

March 31, 2017

NightWatcher

Adware No Comments

Adware.Softcnapp.1021472[h] also known as Artemis!52B99F2537DD, Trojan.Win32.Generic!BT, Win32:Adware-gen [Adw]. Malware Analysis of Adware.Softcnapp.1021472[h] – SCTOOL.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\SCService.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCSkinInst.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCTool.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCUninst.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCUpd.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll”…

Continue reading →

Riskware.Win32.YouXun.eloycv

March 31, 2017

NightWatcher

malware No Comments

Riskware.Win32.YouXun.eloycv also known as Riskware ( 004de7e01 ), Trojan.Gen.2, Trojan.Win32.Generic!BT. Malware Analysis of Riskware.Win32.YouXun.eloycv – YX_YXS_AB.EXE Created files: %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE %APPDATA%\SETUP_ZNYKB050.EXE %APPDATA%\YX_YXS_AB.EXE %APPDATA%\?A?E?A.ICO %PROFILE%\DESKTOP\360????.LNK Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI…

Continue reading →

Adware.GenericKD.4588278

March 31, 2017

NightWatcher

Adware No Comments

Adware.GenericKD.4588278 also known as Trojan.Gen.2, W32/Trojan.BIET-3634. Malware Analysis of Adware.GenericKD.4588278 – SCCLOUD.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx %Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll %Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program…

Continue reading →

W32.HfsAdware.2312

March 31, 2017

NightWatcher

Adware No Comments

W32.HfsAdware.2312 also known as Trojan.Win32.Generic!BT, Trojan.Gen.2, Adware ( 004dd5ca1 ). Malware Analysis of W32.HfsAdware.2312 – SCCLOUD.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx %Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll %Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\:…

Continue reading →

Artemis!BB0563DD3D60

March 31, 2017

NightWatcher

malware No Comments

Artemis!BB0563DD3D60 also known as Trojan.Win32.Generic!BT, Trojan.GenericKD.2231884 (B), Riskware.Win32.AdGazelle.dpigvd. Malware Analysis of Artemis!BB0563DD3D60 – __0697961455D745598AEBE96EC4857809.DLL Created files: %TEMP%\NSREA12.TMP\MODERN-WIZARD.BMP %TEMP%\NSREA12.TMP\SYSTEM.DLL %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL Detected by UnHackMe: __0697961455D745598AEBE96EC4857809.DLL DEFAULT LOCATION: %TEMP%\NSREA12.TMP\__0697961455D745598AEBE96EC4857809.DLL Dropper hash(md5): 17524b3120668319761f26b13ce4c7ba UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…

Continue reading →

HW32.Packed.9273

March 31, 2017

NightWatcher

malware No Comments

HW32.Packed.9273 also known as SScope.Adware.Outbrowse, DLOADER.Trojan, malicious (moderate confidence). Malware Analysis of HW32.Packed.9273 – MEMEZHIBO_RIA_TG2_SILENT_2.EXE Created files: %APPDATA%\KP_25204.EXE %APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE %APPDATA%\SETUP_ZNYKB050.EXE %APPDATA%\YX_YXS_AB.EXE Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI…

Continue reading →

Adware.Softcnapp.23

March 31, 2017

NightWatcher

Adware No Comments

Adware.Softcnapp.23 also known as Adware.GenericKD.4588278, Adware.GenericKD.4588278, Riskware.Agent!. Malware Analysis of Adware.Softcnapp.23 – SCCLOUD.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\Dict\yy.idx %Program Files%\SmartCloudInput\1.0.6.1224\DuiLib32.dll %Program Files%\SmartCloudInput\1.0.6.1224\SCCloud.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCConfig.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCDictInst.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…

Continue reading →

Adware ( 004e10411 )

March 31, 2017

NightWatcher

Adware No Comments

Adware ( 004e10411 ) also known as Riskware/Softcnapp, a variant of Win32/Softcnapp.J potentially unwanted. Malware Analysis of Adware ( 004e10411 ) – SETUP_ZNYKB050.EXE Created files: %APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE %APPDATA%\SETUP_ZNYKB050.EXE %APPDATA%\YX_YXS_AB.EXE %APPDATA%\?A?E?A.ICO Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\:…

Continue reading →

Win.Trojan.Agent-5404323-0

March 31, 2017

NightWatcher

Trojan No Comments

Win.Trojan.Agent-5404323-0 also known as Trojan.Gen.2, Trj/CI.A, Trojan ( 0001140e1 ). Malware Analysis of Win.Trojan.Agent-5404323-0 – KP_25204.EXE Created files: %APPDATA%\IQIYI VIDEO\PSTYLE\WEBCACHE\8\WEBPAGE.HTML %APPDATA%\IQIYISETUP_QUDAO@KB133.EXE %APPDATA%\KP_25204.EXE %APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…

Continue reading →

W64.HfsAdware.2312

March 31, 2017

NightWatcher

Adware No Comments

W64.HfsAdware.2312 also known as Win32.Trojan.WisdomEyes.16070401.9500.9539. Malware Analysis of W64.HfsAdware.2312 – SCPOWER64.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\SCPlugin.dll %Program Files%\SmartCloudInput\1.0.6.1224\SCPower32.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCPower64.exe %Program Files%\SmartCloudInput\1.0.6.1224\ScrSnap.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCService.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI…

Continue reading →

W32/Trojan.ISMK-4554

March 31, 2017

NightWatcher

Trojan No Comments

W32/Trojan.ISMK-4554 also known as W32.HfsAdware.2312, Trojan.Generic.D47C7D9, Trojan.GenericKD.4704217. Malware Analysis of W32/Trojan.ISMK-4554 – SCMUTUAL.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\SCMiNi.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMoniter.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCMutual.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCPlan.dll %Program Files%\SmartCloudInput\1.0.6.1224\SCPlugin.dll Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\:…

Continue reading →

TROJ_GEN.R01BC0OAG17

March 31, 2017

NightWatcher

Trojan No Comments

TROJ_GEN.R01BC0OAG17 also known as W32.Adware.Gen, Trojan.Win32.Generic!BT. Malware Analysis of TROJ_GEN.R01BC0OAG17 – SCTOOL.EXE Created files: %Program Files%\SmartCloudInput\1.0.6.1224\SCService.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCSkinInst.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCTool.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCUninst.exe %Program Files%\SmartCloudInput\1.0.6.1224\SCUpd.exe Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program…

Continue reading →

BehavesLike.Win32.AdwareBSurf.dc

March 31, 2017

NightWatcher

Adware No Comments

BehavesLike.Win32.AdwareBSurf.dc also known as Trojan.Siggen7.8828, virus.win32.ramnit.a, Mal/Generic-S. Malware Analysis of BehavesLike.Win32.AdwareBSurf.dc – KP_25204.EXE Created files: %APPDATA%\IQIYI VIDEO\PSTYLE\WEBCACHE\8\WEBPAGE.HTML %APPDATA%\IQIYISETUP_QUDAO@KB133.EXE %APPDATA%\KP_25204.EXE %APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll”…

Continue reading →