WINLOCKDLL.DLL – Trojan-Ransom Winlock

Trojan-Ransom No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

WINLOCKDLL.DLL – Trojan-Ransom Winlock removal

File MD5 Virus Alias
WINLOCKDLL.DLL eb82c9ad4a4eb30939e536d23c96fe68 Trojan-Ransom Winlock
WINLOCKDLL.DLL eb82c9ad4a4eb30939e536d23c96fe68 Trojan SuspiciousFile

WINLOCKDLL.DLL size: 61400 bytes
WINLOCKDLL.DLL hash: EB82C9AD4A4EB30939E536D23C96FE68

Created files:

%SysDir%\eWebEditorClient.dll
%SysDir%\NewvCommon.ocx
%SysDir%\NewvRecorder.ocx
%SysDir%\WebOffice.ocx
%SysDir%\WinLockDll.dll
%TEMP%\IXP000.TMP\CloseIEWindows.exe
%TEMP%\IXP000.TMP\eWebEditorClient.dll
%TEMP%\IXP000.TMP\NewvCommon.ocx
%TEMP%\IXP000.TMP\NewvRecorder.ocx
%TEMP%\IXP000.TMP\SmartClientSetting.exe
%TEMP%\IXP000.TMP\WebOffice.ocx
%TEMP%\IXP000.TMP\WinLockDll.dll
%TEMP%\PostilDll.dll

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0: rundll32.exe %WinDir%\System32\advpack.dll,DelNodeRunDLL32 “%TEMP%\IXP000.TMP\”

Detected by UnHackMe:

WINLOCKDLL.DLL
Default location: %TEMP%\IXP000.TMP\WINLOCKDLL.DLL

Dropper information:
MD5: b9169be249767f7927590d765a2f7466
File size: 1021952 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images