WIN32GUI.PYD – Trojan PAK_Generic


WIN32GUI.PYD – Trojan PAK_Generic removal

File          MD5                               Virus Alias
WIN32GUI.PYD  21d919030a29f626219b3da21d75bd30  Trojan PAK_Generic
WIN32GUI.PYD  21d919030a29f626219b3da21d75bd30  Trojan SuspiciousFile

WIN32GUI.PYD size: 43520 bytes
WIN32GUI.PYD MD5 hash: 21D919030A29F626219B3DA21D75BD30

Created files:

%TEMP%\IXP000.TMP\CoolPDFReader.exe
%TEMP%\IXP000.TMP\pdf.exe
%TEMP%\_MEI24842\bin\csrss.exe
%TEMP%\_MEI24842\bin\diablo130302.cl
%TEMP%\_MEI24842\bin\diakgcn121016.cl
%TEMP%\_MEI24842\bin\explorer.exe
%TEMP%\_MEI24842\bin\libcurl.dll
%TEMP%\_MEI24842\bin\libeay32.dll
%TEMP%\_MEI24842\bin\libidn-11.dll
%TEMP%\_MEI24842\bin\minerd.dll
%TEMP%\_MEI24842\bin\OpenCL.dll
%TEMP%\_MEI24842\bin\phatk121016.cl
%TEMP%\_MEI24842\bin\poclbm130302.cl
%TEMP%\_MEI24842\bin\pthreadGC2.dll
%TEMP%\_MEI24842\bin\scrypt130511.cl
%TEMP%\_MEI24842\bin\ssleay32.dll
%TEMP%\_MEI24842\bin\winlogon.exe
%TEMP%\_MEI24842\bin\zlib1.dll
%TEMP%\_MEI24842\bz2.pyd
%TEMP%\_MEI24842\eggs\msgpack_python-0.3.0-py2.7-win32.egg
%TEMP%\_MEI24842\eggs\psutil-1.0.1-py2.7-win32.egg
%TEMP%\_MEI24842\eggs\wmi-1.4.9-py2.7-win32.egg
%TEMP%\_MEI24842\mfc90.dll
%TEMP%\_MEI24842\mfc90u.dll
%TEMP%\_MEI24842\mfcm90.dll
%TEMP%\_MEI24842\mfcm90u.dll
%TEMP%\_MEI24842\msgpack._packer.pyd
%TEMP%\_MEI24842\msgpack._unpacker.pyd
%TEMP%\_MEI24842\msvcm90.dll
%TEMP%\_MEI24842\msvcp90.dll
%TEMP%\_MEI24842\msvcr90.dll
%TEMP%\_MEI24842\pyexpat.pyd
%TEMP%\_MEI24842\pyHook._cpyHook.pyd
%TEMP%\_MEI24842\python27.dll
%TEMP%\_MEI24842\pythoncom27.dll
%TEMP%\_MEI24842\pywintypes27.dll
%TEMP%\_MEI24842\select.pyd
%TEMP%\_MEI24842\unicodedata.pyd
%TEMP%\_MEI24842\win32api.pyd
%TEMP%\_MEI24842\win32com.shell.shell.pyd
%TEMP%\_MEI24842\win32file.pyd
%TEMP%\_MEI24842\win32gui.pyd
%TEMP%\_MEI24842\win32pipe.pyd
%TEMP%\_MEI24842\win32trace.pyd
%TEMP%\_MEI24842\win32ui.pyd
%TEMP%\_MEI24842\_ctypes.pyd
%TEMP%\_MEI24842\_hashlib.pyd
%TEMP%\_MEI24842\_multiprocessing.pyd
%TEMP%\_MEI24842\_psutil_mswindows.pyd
%TEMP%\_MEI24842\_socket.pyd
%TEMP%\_MEI24842\_ssl.pyd
%TEMP%\_MEI24842\_win32sysloader.pyd

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0: rundll32.exe %WinDir%\System32\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"

Detected by UnHackMe:

WIN32GUI.PYD
Default location: %TEMP%\_MEI24842\WIN32GUI.PYD

Dropper information:
MD5: 125d357fea7d532c2bb474ecc3efd90b
File size: 8565760 bytes
