Trojan Agent – dupzshbrnzxnqwhyt.exe – 20bacdeb791650d428a8bcb98834f4c7

Trojan Agent
Also known as: Trojan Crypt, Worm Autorun
SHA256: 8e195c242dc46ea7b1d7080ca604fcf42d49277f0007aa037e03249506d0e453
SHA1: 2c90f66366937b30966cf0354159c814c2921788
MD5: 20bacdeb791650d428a8bcb98834f4c7
File size: 573440 bytes

Created files:


Trojan Agent created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mughrxip: wmgphvodyjgvxcmc.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zenls: %Temp%\wmgphvodyjgvxcmc.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: zuthexvppfhbishcbpmfd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\oaqvjtitkrkv: %Temp%\xqnzulhzxlldiqdwtfa.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: mealfvqherqhlsewsd.exe .
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\rcrvirfpfld: %Temp%\wmgphvodyjgvxcmc.exe .
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dmzbmtfnb: xqnzulhzxlldiqdwtfa.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: %Temp%\mealfvqherqhlsewsd.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\wguxjrench: mealfvqherqhlsewsd.exe .
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: %Temp%\zuthexvppfhbishcbpmfd.exe .