Trojan Delphi – DGSHASDHAHDSJKSJS.exe – b4bd5b2d46c89d6c6d8cd9554298129c

Trojan Delphi
Also known as: Trojan Banker, Trojan ADH
SHA256: d977bcbe77668d888622d2cb2ee4a2afd6c1dbcb4c0aeb7b50319d3febaeb645
SHA1: 5b9a26b029165f22b536adf42930849421ac75c3
MD5: b4bd5b2d46c89d6c6d8cd9554298129c
File size: 306473 bytes

Created files:

C:\DGSHASDHAHDSJKSJS.exe – Trojan Delphi
C:\maneira.exe – Trojan Delphi
C:\OODOE09292.exe – Trojan Delphi
C:\VER.exe – Trojan Delphi
%SysDir%\azullProj1.ocx – Trojan Delphi
%SysDir%\laranjaProj1.ocx – Trojan Delphi
%SysDir%\leitozeProj1.ocx – Trojan Delphi
%SysDir%\seguservProj1.ocx – Trojan Delphi
%SysDir%\usuariosProj1.ocx – Trojan Delphi
C:\YDEYHS0012.exe – Trojan Delphi

Trojan Delphi created autostart registry keys:

HKLM\Software\Classes\CLSID\{02FEF7BF-9FDF-4895-B62C-AB1185AC1A1A}\InprocServer32 : %WinDir%\System32\seguservProj1.ocx
HKLM\Software\Classes\CLSID\{02FEF7BF-9FDF-4895-B62C-AB1185AC1A1A}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{1D6BBDB2-2347-456F-AD63-788A550934FC}\InprocServer32 : %WinDir%\System32\azullProj1.ocx
HKLM\Software\Classes\CLSID\{1D6BBDB2-2347-456F-AD63-788A550934FC}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{35F39059-39A5-4C72-BFC3-FEBF845E1079}\InprocServer32 : %WinDir%\System32\usuariosProj1.ocx
HKLM\Software\Classes\CLSID\{35F39059-39A5-4C72-BFC3-FEBF845E1079}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{3AD40AFB-B410-4FA8-B46C-1BA775D29010}\InprocServer32 : %WinDir%\System32\laranjaProj1.ocx
HKLM\Software\Classes\CLSID\{3AD40AFB-B410-4FA8-B46C-1BA775D29010}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Classes\CLSID\{A4409848-0D2C-4676-9442-E7E34CD4C077}\InprocServer32 : %WinDir%\System32\leitozeProj1.ocx
HKLM\Software\Classes\CLSID\{A4409848-0D2C-4676-9442-E7E34CD4C077}\InprocServer32\ThreadingModel: Apartment
HKLM\Software\Microsoft\Windows\CurrentVersion\RUN\DGSHASDHAHDSJKSJS.exe: C:\DGSHASDHAHDSJKSJS.exe