ST5UNST.EXE – Trojan Vundo

ST5UNST.EXE – Trojan Vundo removal

File         MD5                               Virus Alias
ST5UNST.EXE  6442d7f15451bf91d5197684288cf04f  Trojan Vundo
ST5UNST.EXE  6442d7f15451bf91d5197684288cf04f  Trojan SuspiciousFile

ST5UNST.EXE size: 28672 bytes
ST5UNST.EXE hash: 6442D7F15451BF91D5197684288CF04F

Created files:

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\EventLog\Application\VBRuntime\EventMessageFile: %WinDir%\System32\MSVBVM50.dll
HKLM\System\CurrentControlSet\Services\EventLog\Application\VBRuntime\TypesSupported: 04000000

Detected by UnHackMe:

ST5UNST.EXE
Default location: %WinDir%\ST5UNST.EXE

Dropper information:
MD5: 0e747c169c6f4b1e5444a3449e48e927
File size: 3726848 bytes
