CULDWNF.EXE – Fake Antivirus FakeVimes

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

CULDWNF.EXE – Fake Antivirus FakeVimes removal

FileMD5Virus Alias
CULDWNF.EXE 01e5c61c5c224a8cf2936747e68bfaf3 Fake Antivirus FakeVimes
CULDWNF.EXE 01e5c61c5c224a8cf2936747e68bfaf3 Trojan Click
CULDWNF.EXE 01e5c61c5c224a8cf2936747e68bfaf3 Trojan Eldorado
CULDWNF.EXE 01e5c61c5c224a8cf2936747e68bfaf3 Trojan Downloader
CULDWNF.EXE 01e5c61c5c224a8cf2936747e68bfaf3 Trojan Adload
CULDWNF.EXE 01e5c61c5c224a8cf2936747e68bfaf3 Trojan Agent

CULDWNF.EXE size: 773632 bytes
CULDWNF.EXE hash: 01E5C61C5C224A8CF2936747E68BFAF3

Created files:

%SysDir%\BSJBULC.DLL
%SysDir%\CULDWNF.EXE
%SysDir%\IZQHZQHYQH.DLL
%SysDir%\LBTKTICTMEZ.AAB
%SysDir%\ma8gPDyg.dll
%SysDir%\TKBSKBSKBTKBSJ.OKC
%SysDir%\XPHZS.DLL
%SysDir%\YQIARJ.DLL

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\ServerPanle\Type: 10010000
HKLM\System\CurrentControlSet\Services\ServerPanle\Start: 02000000
HKLM\System\CurrentControlSet\Services\ServerPanle\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\ServerPanle\DisplayName: WinServerPanle
HKLM\System\CurrentControlSet\Services\ServerPanle\ImagePath: %WinDir%\System32\CULDWNF.EXE

Detected by UnHackMe:

CULDWNF.EXE
Default location: %SYSDIR%\CULDWNF.EXE

Dropper information:
MD5: 1e3a4d1102073e5c93d90789b5211e71
File size: 804352 bytes

Leave a Reply