Backdoor Maximus – nwcwks.dll – 3d2843ea8c3231374bfaf4af6b787b0c

Backdoor No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Backdoor Maximus
Also known as: Trojan Crypt, Trojan Downloader.Generic
SHA256: 1fd4c85d5644124d6bc224f0d79c61f7ff579b8f37af25e6ea34769ce7c5ce5a
SHA1: 1b25a926abad7a365d3ce217e64d529621278e42
MD5: 3d2843ea8c3231374bfaf4af6b787b0c
File size: 266203 bytes

Created files:

%SysDir%\nwcwks.dll – Backdoor Maximus
%AppData%\a8frfra.exe – Backdoor Maximus
%AppData%\g7hq.exe – Backdoor Maximus
%AppData%\ljysba.exe – Backdoor Maximus

Backdoor Maximus created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\md0g81r5: %AppData%\g7hq.exe
HKLM\System\CurrentControlSet\Services\NWCWorkstation\Type: 20000000
HKLM\System\CurrentControlSet\Services\NWCWorkstation\Start: 02000000
HKLM\System\CurrentControlSet\Services\NWCWorkstation\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\NWCWorkstation\DisplayName: Client Service for NetWare
HKLM\System\CurrentControlSet\Services\NWCWorkstation\ImagePath: %SystemRoot%\System32\svchost.exe -k netsvcs
HKLM\System\CurrentControlSet\Services\NWCWorkstation\SBIE_StartTicks: 2EBA0F00
HKLM\System\CurrentControlSet\Services\NWCWorkstation\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00730079007300740065006D00330032005C006E007700630077006B0073002E0064006C006C000000

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images