FUJ.EXE – KeyLogger Ardamax removal

FUJ.EXE size: 2387456 bytes
FUJ.EXE hash: 0D6DF13F50584F48A1472158436D27EC

Created files:

%SysDir%\AMQBAA\FUJ.00
%SysDir%\AMQBAA\FUJ.01
%SysDir%\AMQBAA\FUJ.02
%SysDir%\AMQBAA\FUJ.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\FUJ Start: %WinDir%\System32\AMQBAA\FUJ.exe

Detected by UnHackMe:

FUJ.EXE
Default location: %SYSDIR%\AMQBAA\FUJ.EXE

Dropper information:
MD5: a62873e525b3f8d880e9966497bd7547
File size: 2082304 bytes