Worm Brontok – KesenjanganSosial.exe – 41bc917a697ab13ecb4c97496300080b


Worm Brontok
Also known as: Backdoor Hupigon, Trojan Agent
SHA256: 12d5a47f20853176b8ea4941b8386171e668272b69a1745160222cb98c724d25
SHA1: 3963b429bf098b194c49a83a4360d65b5c56c746
MD5: 41bc917a697ab13ecb4c97496300080b
File size: 45417 bytes

Created files:

%WinDir%\KesenjanganSosial.exe – Worm Brontok
%WinDir%\ShellNew\RakyatKelaparan.exe – Worm Brontok
%SysDir%\cmd-brontok.exe – Worm Brontok
%SysDir%\msvbvm60.dll – Worm Brontok
%SysDir%\USER's Setting.scr – Worm Brontok
%Local AppData%\br5205on.exe – Worm Brontok
%Local AppData%\csrss.exe – Worm Brontok
%Local AppData%\inetinfo.exe – Worm Brontok
%Local AppData%\lsass.exe – Worm Brontok
%Local AppData%\services.exe – Worm Brontok
%Local AppData%\smss.exe – Worm Brontok
%Local AppData%\svchost.exe – Worm Brontok
%Local AppData%\winlogon.exe – Worm Brontok
%UserProfile%\Templates\8592-NendangBro.com – Worm Brontok

Worm Brontok created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\run\Bron-Spizaetus: "%WinDir%\ShellNew\RakyatKelaparan.exe"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe "%WinDir%\KesenjanganSosial.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\run\Tok-Cirrhatus-2091: "%Local AppData%\br5205on.exe"
