RASAPI32.DLL.BAK1 – Trojan Artemis

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

RASAPI32.DLL.BAK1 – Trojan Artemis removal

FileMD5Virus Alias
RASAPI32.DLL.BAK1 14113de8dbf2570f8faeda7116e1acc5 Trojan Artemis
RASAPI32.DLL.BAK1 14113de8dbf2570f8faeda7116e1acc5 Trojan Generic
RASAPI32.DLL.BAK1 14113de8dbf2570f8faeda7116e1acc5 Trojan Eldorado
RASAPI32.DLL.BAK1 14113de8dbf2570f8faeda7116e1acc5 Trojan OnLineGames
RASAPI32.DLL.BAK1 14113de8dbf2570f8faeda7116e1acc5 Trojan Agent

RASAPI32.DLL.BAK1 size: 237568 bytes
RASAPI32.DLL.BAK1 hash: 14113DE8DBF2570F8FAEDA7116E1ACC5

Created files:

C:\windows\system32\0TMG.dll
C:\windows\system32\dllcache\rasapi32.dll.gaga
C:\windows\system32\dlsp.dll
C:\windows\system32\keepdaili.exe
C:\windows\system32\qqsockdaili.exe
C:\windows\system32\qqsockdaili1.exe
C:\windows\system32\rasapi32.dll.bak
C:\windows\system32\rasapi32.dll.bak1

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\WS2IFSL\Type: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\Start: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\WS2IFSL\DisplayName: Windows Socket 2.0 Non-IFS Service Provider Support Environment
HKLM\System\CurrentControlSet\Services\WS2IFSL\ImagePath: \SystemRoot\System32\drivers\ws2ifsl.sys

Detected by UnHackMe:

RASAPI32.DLL.BAK1
Default location: %SYSDIR%\RASAPI32.DLL.BAK1

Dropper information:
MD5: 6e260d667a354bda80fdc6f13b71ba90
File size: 221184 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images