OPENCL.DLL – Trojan SuspiciousFile

OPENCL.DLL – Trojan SuspiciousFile removal

File: OPENCL.DLL
MD5: b1ee490ca7f69090feb36ba54374aa78
Virus alias: Trojan SuspiciousFile

OPENCL.DLL size: 30056 bytes
OPENCL.DLL hash: B1EE490CA7F69090FEB36BA54374AA78

Created files:

%TEMP%\IXP000.TMP\CoolPDFReader.exe
%TEMP%\IXP000.TMP\pdf.exe
%TEMP%\_MEI24842\bin\csrss.exe
%TEMP%\_MEI24842\bin\diablo130302.cl
%TEMP%\_MEI24842\bin\diakgcn121016.cl
%TEMP%\_MEI24842\bin\explorer.exe
%TEMP%\_MEI24842\bin\libcurl.dll
%TEMP%\_MEI24842\bin\libeay32.dll
%TEMP%\_MEI24842\bin\libidn-11.dll
%TEMP%\_MEI24842\bin\minerd.dll
%TEMP%\_MEI24842\bin\OpenCL.dll
%TEMP%\_MEI24842\bin\phatk121016.cl
%TEMP%\_MEI24842\bin\poclbm130302.cl
%TEMP%\_MEI24842\bin\pthreadGC2.dll
%TEMP%\_MEI24842\bin\scrypt130511.cl
%TEMP%\_MEI24842\bin\ssleay32.dll
%TEMP%\_MEI24842\bin\winlogon.exe
%TEMP%\_MEI24842\bin\zlib1.dll
%TEMP%\_MEI24842\bz2.pyd
%TEMP%\_MEI24842\eggs\msgpack_python-0.3.0-py2.7-win32.egg
%TEMP%\_MEI24842\eggs\psutil-1.0.1-py2.7-win32.egg
%TEMP%\_MEI24842\eggs\wmi-1.4.9-py2.7-win32.egg
%TEMP%\_MEI24842\mfc90.dll
%TEMP%\_MEI24842\mfc90u.dll
%TEMP%\_MEI24842\mfcm90.dll
%TEMP%\_MEI24842\mfcm90u.dll
%TEMP%\_MEI24842\msgpack._packer.pyd
%TEMP%\_MEI24842\msgpack._unpacker.pyd
%TEMP%\_MEI24842\msvcm90.dll
%TEMP%\_MEI24842\msvcp90.dll
%TEMP%\_MEI24842\msvcr90.dll
%TEMP%\_MEI24842\pyexpat.pyd
%TEMP%\_MEI24842\pyHook._cpyHook.pyd
%TEMP%\_MEI24842\python27.dll
%TEMP%\_MEI24842\pythoncom27.dll
%TEMP%\_MEI24842\pywintypes27.dll
%TEMP%\_MEI24842\select.pyd
%TEMP%\_MEI24842\unicodedata.pyd
%TEMP%\_MEI24842\win32api.pyd
%TEMP%\_MEI24842\win32com.shell.shell.pyd
%TEMP%\_MEI24842\win32file.pyd
%TEMP%\_MEI24842\win32gui.pyd
%TEMP%\_MEI24842\win32pipe.pyd
%TEMP%\_MEI24842\win32trace.pyd
%TEMP%\_MEI24842\win32ui.pyd
%TEMP%\_MEI24842\_ctypes.pyd
%TEMP%\_MEI24842\_hashlib.pyd
%TEMP%\_MEI24842\_multiprocessing.pyd
%TEMP%\_MEI24842\_psutil_mswindows.pyd
%TEMP%\_MEI24842\_socket.pyd
%TEMP%\_MEI24842\_ssl.pyd
%TEMP%\_MEI24842\_win32sysloader.pyd

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0: rundll32.exe %WinDir%\System32\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"

Detected by UnHackMe:

OPENCL.DLL
Default location: %TEMP%\_MEI24842\BIN\OPENCL.DLL

Dropper information:
MD5: 125d357fea7d532c2bb474ecc3efd90b
File size: 8565760 bytes
