Trojan Agent – QMDispatch.dll – 5c2bfae83c87f237541446c28c86ca4f

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Trojan Agent
SHA256: 8a674ab5b5ff2481b1248eb27578ffcad9bf5b9e80a740c6dee50ae8adeea5e2
SHA1: f78f6dba722219903d1dd591ce5282943743c59a
MD5: 5c2bfae83c87f237541446c28c86ca4f
File size: 873382 bytes

Created files:

%WinDir%\QMDispatch.dll – Trojan Agent
%SysDir%\jwjxtyl.dll – Trojan Agent

Trojan Agent created autostart registry keys:

HKLM\Software\Classes\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\InprocServer32 : MSScript.ocx
HKLM\Software\Classes\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32 : %WinDir%\System32\VBScript.dll
HKLM\Software\Classes\CLSID\{3F4DACA4-160D-11D2-A8E9-00104B365C9F}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\VBScript.dll
HKLM\Software\Classes\CLSID\{B54F3741-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{B54F3742-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\VBScript.dll
HKLM\Software\Classes\CLSID\{B54F3742-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{B54F3743-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32 : %WinDir%\System32\VBScript.dll
HKLM\Software\Classes\CLSID\{B54F3743-5B07-11CF-A4B0-00AA004A55E8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Classes\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\InprocServer32 : %WinDir%\QMDISP~1.DLL
HKLM\Software\Classes\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}\InprocServer32 : %WinDir%\QMDISP~1.DLL
HKLM\Software\Classes\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9} : Microsoft Windows Script 5.8
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\IsInstalled: 01000000
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\Version: 5,8,6001,18702
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\Locale: EN
HKLM\Software\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}\ComponentID: MSVBScript

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images