GETCODE.DLL – Trojan OnLineGames

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

GETCODE.DLL – Trojan OnLineGames removal

FileMD5Virus Alias
GETCODE.DLL 6f69c5c3ebbedb5610a9662886adffef Trojan OnLineGames
GETCODE.DLL 6f69c5c3ebbedb5610a9662886adffef Trojan SuspiciousFile
GETCODE.DLL 6f69c5c3ebbedb5610a9662886adffef Trojan Agent

GETCODE.DLL size: 970752 bytes
GETCODE.DLL hash: 6F69C5C3EBBEDB5610A9662886ADFFEF

Created files:

%SysDir%\mswinsck.ocx
%TEMP%\IXP000.TMP\convpic.dll
%TEMP%\IXP000.TMP\getcode.dll
%TEMP%\IXP000.TMP\mswinsck.ocx
%TEMP%\IXP000.TMP\??????.exe

Autostart registry keys:

HKLM\Software\Classes\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 : %WinDir%\System32\MSWINSCK.OCX
HKLM\Software\Classes\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 : %WinDir%\System32\MSWINSCK.OCX
HKLM\Software\Classes\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32 : %WinDir%\System32\vbscript.dll
HKLM\Software\Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\vbscript.dll
HKLM\Software\Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{B54F3742-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\vbscript.dll
HKLM\Software\Classes\CLSID\{B54F3742-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{B54F3743-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\vbscript.dll
HKLM\Software\Classes\CLSID\{B54F3743-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9} : Microsoft Windows Script 5.8
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\IsInstalled: 01000000
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\Version: 5,8,6001,18702
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\Locale: EN
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\ComponentID: MSVBScript

Detected by UnHackMe:

GETCODE.DLL
Default location: %TEMP%\IXP000.TMP\GETCODE.DLL

Dropper information:
MD5: e3e13e8e337799918554102b7185393b
File size: 576000 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images