XHEEPZWWHRO.EXE – Trojan Vilsel


XHEEPZWWHRO.EXE – Trojan Vilsel removal

File             MD5                               Virus Alias
XHEEPZWWHRO.EXE  7ae780fead68d429872c3b8dae6cd794  Trojan Vilsel
XHEEPZWWHRO.EXE  7ae780fead68d429872c3b8dae6cd794  Trojan Unknown.Suspicious.File
XHEEPZWWHRO.EXE  7ae780fead68d429872c3b8dae6cd794  Trojan PAM
XHEEPZWWHRO.EXE  7ae780fead68d429872c3b8dae6cd794  Trojan Renos
XHEEPZWWHRO.EXE  7ae780fead68d429872c3b8dae6cd794  Worm Autorun
XHEEPZWWHRO.EXE  7ae780fead68d429872c3b8dae6cd794  Trojan Agent

XHEEPZWWHRO.EXE size: 327680 bytes
XHEEPZWWHRO.EXE hash: 7AE780FEAD68D429872C3B8DAE6CD794

Created files:


Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mughrxip: kecpldatshibhqeywjfx.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zenls: %TEMP%\kecpldatshibhqeywjfx.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: kecpldatshibhqeywjfx.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\oaqvjtitkrkv: %TEMP%\xqnzulhzxlldiqdwtfa.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: xqnzulhzxlldiqdwtfa.exe .
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\rcrvirfpfld: %TEMP%\wmgphvodyjgvxcmc.exe .
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dmzbmtfnb: zuthexvppfhbishcbpmfd.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: %TEMP%\wmgphvodyjgvxcmc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\wguxjrench: zuthexvppfhbishcbpmfd.exe .

Detected by UnHackMe:

XHEEPZWWHRO.EXE
Default location: %TEMP%\XHEEPZWWHRO.EXE

Dropper information:
MD5: 1a1b11a6d593b911b803189a5d53f0ba
File size: 573440 bytes
