Trojan Menti – 00dfcc6e8cdb8dc512addf6538aeef8d

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Trojan Menti
Also known as: Trojan Agent, Trojan Kryptik
SHA256: a2385caf5f9ba8d88746cdc85a5f1d85d0450d5478a2d4fcb07e0d4472a35832
SHA1: 61346caab20f03e0efd6100afe7136a42d6ad183
MD5: 00dfcc6e8cdb8dc512addf6538aeef8d
File size: 1426944 bytes

Created files:

%SysDir%\avtapi32.dll – Trojan Menti
%SysDir%\hal32.exe – Trojan Menti
%SysDir%\rasser32.dll – Trojan Menti
%SysDir%\rasser32.exe – Trojan Menti
%SysDir%\scriptpw32.exe – Trojan Menti
%AppData%\SysWin\lsass.exe – Trojan Menti

Trojan Menti created autostart registry keys:

HKLM\Software\Classes\CLSID\{70D4E7AE-E95C-414D-8ECA-D4372C5F5BF8}\InprocServer32 : %WinDir%\System32\avtapi32.dll
HKLM\Software\Classes\CLSID\{70D4E7AE-E95C-414D-8ECA-D4372C5F5BF8}\InprocServer32\ThreadingModel: Both
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\RTHDBPL: %AppData%\SysWin\lsass.exe$Nw???OwNw???6v?60????|6v??(*$???????????|T?????|????
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs: 01000000
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\C:\Sandbox\BSA\drive\C\WINDOWS\System32\scriptpw32.exe: C:\Sandbox\BSA\drive\C\WINDOWS\System32\scriptpw32.exe:*:Enabled:Windows Update Service
HKLM\System\CurrentControlSet\Services\stisvc32\Type: 10000000
HKLM\System\CurrentControlSet\Services\stisvc32\Start: 02000000
HKLM\System\CurrentControlSet\Services\stisvc32\DisplayName: Windows Image Acquisition (WIA)
HKLM\System\CurrentControlSet\Services\stisvc32\ImagePath: %WinDir%\System32\scriptpw32.exe

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images