ROLLINGPOP_R.EXE – Trojan BadReputation

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

ROLLINGPOP_R.EXE – Trojan BadReputation removal

FileMD5Virus Alias
ROLLINGPOP_R.EXE 3abb7006ce9ac527d08544506f53de35 Trojan BadReputation
ROLLINGPOP_R.EXE 3abb7006ce9ac527d08544506f53de35 Trojan Agent

ROLLINGPOP_R.EXE size: 32768 bytes
ROLLINGPOP_R.EXE hash: 3ABB7006CE9AC527D08544506F53DE35

Created files:

%SysDir%\Base64.dll
%AppData%\RollingPop\NTVBSvc.tlb
%AppData%\RollingPop\RollingPop_E.exe
%AppData%\RollingPop\RollingPop_R.exe
%AppData%\RollingPop\RollingPop_S.exe
%AppData%\RollingPop\RollingPop_U.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\RollingPop_Service\Type: 10000000
HKLM\System\CurrentControlSet\Services\RollingPop_Service\Start: 02000000
HKLM\System\CurrentControlSet\Services\RollingPop_Service\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\RollingPop_Service\DisplayName: RollingPop_Service
HKLM\System\CurrentControlSet\Services\RollingPop_Service\ImagePath: %WinDir%\System32\config\Systemprofile\Application Data\RollingPop\RollingPop_S.exe ROLL05
HKLM\System\CurrentControlSet\Services\RollingPop_Service\ObjectName: LocalSystem

Detected by UnHackMe:

ROLLINGPOP_R.EXE
Default location: %APPDATA%\ROLLINGPOP\ROLLINGPOP_R.EXE

Dropper information:
MD5: 565aec3aaac9ffd77c71eb7fabe2d03b
File size: 1251200 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images