Z5.EXE – Trojan Bancos

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

Z5.EXE – Trojan Bancos removal

FileMD5Virus Alias
Z5.EXE 2e0f611040dada33cdc0507c134faf57 Trojan Bancos
Z5.EXE 2e0f611040dada33cdc0507c134faf57 Suspicious File
Z5.EXE 2e0f611040dada33cdc0507c134faf57 Trojan Crypt

Z5.EXE size: 102400 bytes
Z5.EXE hash: 2E0F611040DADA33CDC0507C134FAF57

Created files:

C:\Windows\System32\DOWIRE.sys
C:\Windows\System32\z5.exe
C:\Windows\System32\z6.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\DOWIRE\Type: 01000000
HKLM\System\CurrentControlSet\Services\DOWIRE\Start: 03000000
HKLM\System\CurrentControlSet\Services\DOWIRE\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\DOWIRE\DisplayName: DOWIRE
HKLM\System\CurrentControlSet\Services\DOWIRE\ImagePath: C:\Windows\System32\DOWIRE.sys

Detected by UnHackMe:

Z5.EXE
Default location: %SYSDIR%\Z5.EXE

Dropper information:
MD5: 4e14b367a53b32515aa513c5d220b561
File size: 218112 bytes

Leave a Reply