Trojan-Ransom Gimemo – 6suj6yri8ude.exe – 63c872feef4f88b6804743dede793dc1

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Trojan-Ransom Gimemo
Also known as: Trojan-Ransom Winlock, Trojan Kryptik
SHA256: 6c8bc078704d8f6089905ca42e583386e5b0f25c7814fe3e87c75a4648748f7c
SHA1: 9c64fa6aed9b1debe48113e8f55caf747212b6b8
MD5: 63c872feef4f88b6804743dede793dc1
File size: 299520 bytes

Created files:

%AppData%\6suj6yri8ude.exe – Trojan-Ransom Gimemo

Trojan-Ransom Gimemo created autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{jMb2fne8-Yclv-fFq8-zXQQ-SgfybIoEJQTY}\A1aH4dI8krYzW04: “%AppData%\6suj6yri8ude.exe” /ActiveX
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\A1aH4dI8krYzW04: %AppData%\6suj6yri8ude.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: %AppData%\6suj6yri8ude.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %AppData%\6suj6yri8ude.exe,%WinDir%\System32\userinit.exe,
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\A1aH4dI8krYzW04: %AppData%\6suj6yri8ude.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: %AppData%\6suj6yri8ude.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %AppData%\6suj6yri8ude.exe,%WinDir%\System32\userinit.exe,

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images