temp01.dll – Trojan Agent removal
| File | Virus Alias |
|---|---|
| temp01.dll | Trojan Agent |
Created files:
%WinDir%\ljthn.dll – Trojan Agent
%Temp%\2 – Trojan Agent
%Temp%\3F3F3F3F3F56322E343F3F3F\QMacroUI.ocx – Trojan Agent
%Temp%\temp01.dll – Trojan Agent
%Temp%\temp02.dll – Trojan Agent
%Temp%\xvhy.dll – Trojan Agent
Autostart registry keys:
HKLM\Software\Classes\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\InprocServer32 : %WinDir%\System32\MSScript.ocx
HKLM\Software\Classes\CLSID\{241D7F03-9232-4024-8373-149860BE27C0}\InprocServer32 : %WinDir%\ljthn.dll
HKLM\Software\Classes\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32 : %WinDir%\System32\VBScript.dll
HKLM\Software\Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\VBScript.dll
HKLM\Software\Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{B54F3742-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\VBScript.dll
HKLM\Software\Classes\CLSID\{B54F3742-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{B54F3743-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\VBScript.dll
HKLM\Software\Classes\CLSID\{B54F3743-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\InprocServer32 : %WinDir%\ljthn.dll
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9} : Microsoft Windows Script 5.8
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\IsInstalled: 01000000
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\Version: 5,8,6001,18702
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\Locale: EN
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\ComponentID: MSVBScript
Detected by UnHackMe:
temp01.dll
Default location: %Temp%\temp01.dll
Dropper information:
SHA256: da89e3c8cf0bddb93d3d2e0d1ffcc0e4e00f24d1be286a21d4b0673ff7e29666
SHA1: 66f927eeeb22c3a5dd9fc03691bad965cfe3a0f4
MD5: 1b569c2ef3d54306952272d55bd65739
File size: 2409841 bytes