Trojan.Crossrider1.53170 also known as W32/S-e57cb847!Eldorado, TR/Crypt.XPACK.Gen. MALWARE ANALYSIS OF TROJAN.CROSSRIDER1.53170 – 1204754AD77D4FDF81D2CB092EE9E4EE.EXE Created files: %COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\DD1D66FEE382E07E %COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\1204754AD77D4FDF81D2CB092EE9E4EE.DAT %COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\1204754AD77D4FDF81D2CB092EE9E4EE.EXE %SYSDIR%\TASKS\NATURALBALANCE %WINDIR%\TASKS\NATURALBALANCE.JOB Detected by UnHackMe: 1204754AD77D4FDF81D2CB092EE9E4EE.EXE DEFAULT LOCATION: %COMMON APPDATA%\{71C40C34-8C76-0C84-71C4-40C348C730D2}\1204754AD77D4FDF81D2CB092EE9E4EE.EXE Dropper hash(md5): 1204754ad77d4fdf81d2cb092ee9e4ee UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does…

Continue reading →

Trojan.Crossrider.50422 also known as BehavesLike.Win32.Downloader.th, Gen:Variant.Adware.Mplug.23, TROJ_GEN.R02KB01LU14. MALWARE ANALYSIS OF TROJAN.CROSSRIDER.50422 – 6DEE61FA86B346C6AF04B3C62C556394.EXE Created files: %TEMP%\847715E96FCF\IMAGES\LOADER.GIF %TEMP%\847715E96FCF\IMAGES\PROGRESSBAR.GIF %TEMP%\847715E96FCF\TEMP\BG.CA %TEMP%\847715E96FCF\TEMP\6DEE61FA86B346C6AF04B3C62C556394.EXE Detected by UnHackMe: 6DEE61FA86B346C6AF04B3C62C556394.EXE DEFAULT LOCATION: %TEMP%\847715E96FCF\TEMP\6DEE61FA86B346C6AF04B3C62C556394.EXE Dropper hash(md5): 6dee61fa86b346c6af04b3c62c556394 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form…

Continue reading →

Win32.Trojan.Agent.NN1FRZ also known as Trojan.Win32.Z.Razy.968404[h], TROJ_GEN.R01BC0OAI17. Malware Analysis of Win32.Trojan.Agent.NN1FRZ – KP_25204.EXE Created files: %APPDATA%\IQIYI VIDEO\PSTYLE\WEBCACHE\8\WEBPAGE.HTML %APPDATA%\IQIYISETUP_QUDAO@KB133.EXE %APPDATA%\KP_25204.EXE %APPDATA%\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL %APPDATA%\MEMEZHIBO_RIA_TG2_SILENT_2.EXE Autostart registry keys: HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.pfv: “” HKLM\Software\Classes\Applications\QyClient.exe\SupportedTypes\.qsv: “” HKLM\Software\Classes\Applications\QyUninst.exe\NoStartPage: “” HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32\: “”%APPDATA%\360SE6\APPLICATION\360SE.EXE”” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\Shell\Open\command\: “%SystemRoot%\explorer.exe I:\” HKLM\Software\Classes\CLSID\{039219EC-5F9A-460E-8C72-86D5DC7B8683}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\Shell\Open\command\: “%SystemRoot%\explorer.exe M:\” HKLM\Software\Classes\CLSID\{056A6FBD-8148-443A-AAB2-DB3C46B1F083}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\Shell\Open\command\: “%SystemRoot%\explorer.exe V:\” HKLM\Software\Classes\CLSID\{06F2A2CA-E0E2-47D7-A3EC-29FD090E7F86}\InprocServer32\: “%Program Files%\360\360Safe\safemon\360UDiskGuard.dll” HKLM\Software\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}\InprocServer32\: “%Program Files%\IQIYI Video\LStyle\5.5.33.3550\QYPlugin.dll” HKLM\Software\Classes\CLSID\{10AFB451-4816-48A1-8DDD-0F9595EB9F67}\InProcServer32\:…

Continue reading →

Win32.Trojan.Generic.Dvga also known as Trojan.Xpack.Win32.678, HEUR:Trojan.Win32.Generic, Trojan.Win32.Z.Packed.540672[h]. Malware Analysis of Win32.Trojan.Generic.Dvga – X0IJ2L.EXE Created files: %SYSDIR%\62631.NLS %SYSDIR%\X0IJ2L.EXE Detected by UnHackMe: X0IJ2L.EXE Default location: %SYSDIR%\X0IJ2L.EXE Dropper hash(md5): 124848b137a9763a1400aeebed295255 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

Continue reading →

Trojan.Generic.D45A705 also known as Ransom.Locky, TR/AD.Zegost.jthbh. Malware Analysis of Trojan.Generic.D45A705 – UPDATE.COM Created files: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP %SYSTEMDRIVE%\UPDATE.COM %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER114.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER1D1.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CDEFGH JKLMNOPQ STU\IMAGEPATH: “%SYSTEMDRIVE%\UPDATE.COM” HKLM\System\CurrentControlSet\services\Cdefgh Jklmnopq Stu\DisplayName: “Cdefgh Jklmnopq Stuvwxya Cdef” Detected by UnHackMe: UPDATE.COM DEFAULT LOCATION: %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_UPDATE.COM_2ED32EC656F6E33FC53955989716964912388DB_CAB_0EA13505\WER3352.TMP.MDMP Dropper hash(md5): 09d50103a5a653680bb5e1b201b76f4d UnHackMe removes malware invisible for your antivirus!…

Continue reading →

Trojan.Win32.Confuser.eksszq also known as W32/Trojan.XGLK-6260, Win32.Trojan.WisdomEyes.16070401.9500.9984, Trojan.Crypt. Malware Analysis of Trojan.Win32.Confuser.eksszq – X0IJ2L.EXE Created files: %SYSDIR%\62631.NLS %SYSDIR%\X0IJ2L.EXE Detected by UnHackMe: X0IJ2L.EXE Default location: %SYSDIR%\X0IJ2L.EXE Dropper hash(md5): 124848b137a9763a1400aeebed295255 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of malware,…

Continue reading →

W32/Trojan.ZCAP-9292 also known as Win32/Trojan.Adware.33f, Adware.Cdnup.A, Adware.Cdnup.A. Malware Analysis of W32/Trojan.ZCAP-9292 – SETUP-REAL.EXE Created files: %TEMP%\~RNSETUP\CLNTXRES.DLL %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL Autostart registry keys: HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: “%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll” Detected by UnHackMe: SETUP-REAL.EXE DEFAULT LOCATION: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE Dropper hash(md5): 115953246b798695c685478ca4497e9a UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Continue reading →

Trojan.Agent/Gen-Wews also known as malicious (high confidence), a variant of Win32/Wews87.A potentially unwanted, PUA.Wews87!8.642 (cloud:8AaTlPhNa1R) . Malware Analysis of Trojan.Agent/Gen-Wews – YX_DTS.EXE Created files: %TEMP%\NSSD2D1.TMP\SYSTEM.DLL %TEMP%\NSSD2D1.TMP\UCBROWSER_V3.1.1644.29_4443_(BUILD14102814)_DOWNLOADER.EXE %TEMP%\NSSD2D1.TMP\YX_DTS.EXE %TEMP%\NSX1004.TMP\BG.BMP %TEMP%\NSX1004.TMP\BGWORKER.DLL Autostart registry keys: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RSDTRAY: “”%Program Files%\Rising\RSD\popwndexe.exe”” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\DisplayName: “Rising Software Deployment System” HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSD\UninstallString: “”%Program Files%\Rising\RSD\Setup.exe” /UNINSTALL /PRODUCT=RSD” HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RSDSYS\IMAGEPATH: “\??\%SYSDIR%\DRIVERS\PROTREG.SYS” HKLM\System\CurrentControlSet\services\rsdsys\DisplayName: “rsd protect” HKLM\System\CurrentControlSet\services\RsMgrSvc\ImagePath: “”%Program Files%\Rising\RSD\RsMgrSvc.exe”” HKLM\System\CurrentControlSet\services\RsMgrSvc\DisplayName: “Rsd…

Continue reading →

Win32/Trojan.Adware.33f also known as BrowserModifier:Win32/CNNIC, W32/Trojan5.CJK, PE:Trojan.Win32.Generic.148B9C89!344693897. Malware Analysis of Win32/Trojan.Adware.33f – SETUP-REAL.EXE Created files: %TEMP%\~RNSETUP\CLNTXRES.DLL %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL Autostart registry keys: HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: “%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll” Detected by UnHackMe: SETUP-REAL.EXE DEFAULT LOCATION: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE Dropper hash(md5): 115953246b798695c685478ca4497e9a UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Continue reading →

Trojan ( 0040ed1c1 ) also known as Trojan.Gen, Trojan.Generic.afrpn, malicious (high confidence). Malware Analysis of Trojan ( 0040ed1c1 ) – SYSJFZR.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: SYSJFZR.DLL Default location: %SYSDIR%\SYSJFZR.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which…

Continue reading →

W32/Trojan5.CJK also known as Adware.Cdnup!RDqouidOmx0, BrowserModifier:Win32/CNNIC, Adware.Cdnup.A. Malware Analysis of W32/Trojan5.CJK – SETUP-REAL.EXE Created files: %TEMP%\~RNSETUP\CLNTXRES.DLL %TEMP%\~RNSETUP\CNNIC\RNCONTROLLER.DLL %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE %TEMP%\~RNSETUP\CNNIC_TOOLBAR.SPC %TEMP%\~RNSETUP\COMMON\RPPR3260.DLL Autostart registry keys: HKLM\Software\Classes\CLSID\{47f59200-8783-11d2-8343-00a0c945a819}\InprocServer32\: “%Program Files%\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll” Detected by UnHackMe: SETUP-REAL.EXE DEFAULT LOCATION: %TEMP%\~RNSETUP\CNNIC\SETUP-REAL.EXE Dropper hash(md5): 115953246b798695c685478ca4497e9a UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN,…

Continue reading →

Troj.W32.Invader.mCVz also known as HEUR/QVM39.1.3A53.Malware.Gen, ML.Attribute.HighConfidence, Win32.Trojan.WisdomEyes.16070401.9500.9999. Malware Analysis of Troj.W32.Invader.mCVz – TMD625.DLL Created files: %SYSDIR%\SPORDER.DLL %SYSDIR%\SYSJFZR.DLL %SYSDIR%\TMD625.DLL Detected by UnHackMe: TMD625.DLL Default location: %SYSDIR%\TMD625.DLL Dropper hash(md5): 0884215e0301abe2e4dc2f5a82edeaf5 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it does not contain any form of…

Continue reading →

Trojan ( 004be5b21 ) also known as HEUR:Trojan.Win32.Generic, W32.Clodbc5.Trojan.1ac2, malicious_confidence_100% (W). Malware Analysis of Trojan ( 004be5b21 ) – X0IJ2L.EXE Created files: %SYSDIR%\62631.NLS %SYSDIR%\X0IJ2L.EXE Detected by UnHackMe: X0IJ2L.EXE Default location: %SYSDIR%\X0IJ2L.EXE Dropper hash(md5): 124848b137a9763a1400aeebed295255 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible with most antivirus software. UnHackMe is 100% CLEAN, which means it…

Continue reading →

TROJ_GEN.R01BC0ECB17 also known as PUP/Win32.Linkury.R196393, Trojan.Win32.Generic!BT, W32.Adware.Gen. Malware Analysis of TROJ_GEN.R01BC0ECB17 – NETTRANS.EXE Created files: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE.CONFIG %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\REPORT.WER %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9AA5.TMP.APPCOMPAT.TXT %COMMON APPDATA%\MICROSOFT\WINDOWS\WER\REPORTQUEUE\APPCRASH_NETTRANS.EXE_972877DE09E9226E6FBA975167E1E31C8A64B1_CAB_0A45D135\WER9BAF.TMP.WERINTERNALMETADATA.XML Autostart registry keys: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PREFERSSECURE\IMAGEPATH: “%COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE” HKLM\System\CurrentControlSet\services\PrefersSecure\DisplayName: “Prefers Secure” Detected by UnHackMe: NETTRANS.EXE DEFAULT LOCATION: %COMMON APPDATA%\PREFERSSECURE\NETTRANS.EXE Dropper hash(md5): 4fa73ad05d5a1156a69d2a1e63274d05 UnHackMe removes malware invisible for your antivirus! UnHackMe is compatible…

Continue reading →