Trojan Agent
SHA256: 01da98050f2de966efaadcaccb58f5f9e2e6b115835adb2b4e560549360b7854
SHA1: 593fa22cc9ba4f712e70c9e362e146c128f2af73
MD5: 8c2c41448afafc09772eea93fec658e2
File size: 1786456 bytes

Created files:

%Program Files%\Funmoods\1.5.23.22\bh\escort.dll – Trojan Agent
%Program Files%\Funmoods\1.5.23.22\escortApp.dll – Trojan Agent
%Program Files%\Funmoods\1.5.23.22\escortEng.dll – Trojan Agent
%Program Files%\Funmoods\1.5.23.22\escorTlbr.dll – Trojan Agent
%Program Files%\Funmoods\1.5.23.22\escortShld.dll – Trojan Agent
%Program Files%\Funmoods\1.5.23.22\funmoodssrv.exe – Trojan Agent
%Program Files%\Funmoods\1.5.23.22\uninstall.exe – Trojan Agent

Trojan Agent created autostart registry keys:

HKLM\Software\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\InprocServer32 : C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll
HKLM\Software\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\InprocServer32\ThreadingModel: apartment
HKLM\Software\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}\InprocServer32 : C:\PROGRA~1\Funmoods\1.5.23.22\bh\escort.dll
HKLM\Software\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}\InprocServer32\ThreadingModel: apartment
HKLM\Software\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\InprocServer32 : C:\PROGRA~1\Funmoods\1.5.23.22\escorTlbr.dll
HKLM\Software\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\InprocServer32\ThreadingModel: apartment
HKLM\Software\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}\InprocServer32 : C:\PROGRA~1\Funmoods\1.5.23.22\escortApp.dll
HKLM\Software\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}\InprocServer32\ThreadingModel: apartment
HKLM\Software\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}\InprocServer32 : C:\PROGRA~1\Funmoods\1.5.23.22\escortEng.dll
HKLM\Software\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}\InprocServer32\ThreadingModel: apartment