PHOTO-XXX.EXE – Trojan Otran

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

PHOTO-XXX.EXE – Trojan Otran removal

FileMD5Virus Alias
PHOTO-XXX.EXE 0c9e5b4a9ac09ed40753215546cf6200 Trojan Otran
PHOTO-XXX.EXE 0c9e5b4a9ac09ed40753215546cf6200 Trojan VBTrojan
PHOTO-XXX.EXE 0c9e5b4a9ac09ed40753215546cf6200 Trojan SuspiciousFile
PHOTO-XXX.EXE 0c9e5b4a9ac09ed40753215546cf6200 Trojan Generic
PHOTO-XXX.EXE 0c9e5b4a9ac09ed40753215546cf6200 Trojan Downloader
PHOTO-XXX.EXE 0c9e5b4a9ac09ed40753215546cf6200 Worm Autorun

PHOTO-XXX.EXE size: 331264 bytes
PHOTO-XXX.EXE hash: 0C9E5B4A9AC09ED40753215546CF6200

Created files:

C:\Photo-XXX.exe
%SysDir%\4K51K4.exe
%SysDir%\GoldenGhost.exe
%SysDir%\K0L4B0R451.exe
%SysDir%\Kantuk.exe
%SysDir%\Shell32.com
%SysDir%\~A~m~B~u~R~a~D~u~L~\winlogon.exe
C:\WINFILE.exe
%Common Startmenu%\Programs\Startup\Empty.pif

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Winlogon: %WinDir%\System32\~A~m~B~u~R~a~D~u~L~\winlogon.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe “%WinDir%\System32\K0L4B0R451.exe”
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\System32\K0L4B0R451.exe
HKCU\Control Panel\Desktop\SCRNSAVE.EXE: %WinDir%\System32\Windows_3D.scr
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Revenger: %WinDir%\System32\K0L4B0R451.exe

Detected by UnHackMe:

PHOTO-XXX.EXE
Default location: C:\PHOTO-XXX.EXE

Dropper information:
MD5: 0c9e5b4a9ac09ed40753215546cf6200
File size: 331264 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images