CMD.EXE – Suspicious File

February 11, 2013

Alex NightWatcher

Suspicious No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

CMD.EXE – Suspicious File removal

File	MD5	Virus Alias
CMD.EXE	8f0550b663c5c8106e64bb01c0605315	Suspicious File
CMD.EXE	8f0550b663c5c8106e64bb01c0605315	Trojan Genome
CMD.EXE	8f0550b663c5c8106e64bb01c0605315	Trojan Eldorado
CMD.EXE	8f0550b663c5c8106e64bb01c0605315	Trojan Agent

CMD.EXE size: 30660 bytes
CMD.EXE hash: 8F0550B663C5C8106E64BB01C0605315

Created files:

%WinDir%\conime\iexplorer.exe
%WinDir%\conime\SSDT01.sys
%WinDir%\DownQvod.exe
%WinDir%\setup8.exe
%WinDir%\SHNIBDATE.EXE
%SysDir%\360Update\cmd.exe
%WinDir%\tianxing.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\S\Type: 01000000
HKLM\System\CurrentControlSet\Services\S\Start: 03000000
HKLM\System\CurrentControlSet\Services\S\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\S\DisplayName: S
HKLM\System\CurrentControlSet\Services\S\ImagePath: %WinDir%\conime\SSDT01.sys

Detected by UnHackMe:

CMD.EXE
Default location: %SYSDIR%\360UPDATE\CMD.EXE

Dropper information:
MD5: 88713add0d2bfef9376ea938a0545a9e
File size: 843332 bytes

Leave a Reply Cancel reply

You must be logged in to post a comment.