Trojan-Ransom Gimemo – Apple_Store.exe – 2ae166c2abc5e380c35dea3ab7a8d7f1

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Trojan-Ransom Gimemo
Also known as: Trojan Zbot, Trojan Agent
SHA256: 1b2ab0ef73219cf086253c69cc4494a77ce2fc9116aa8f024735f37e6821aae8
SHA1: 1933482cd0d429c21fc17b5d2260030907c1ab1a
MD5: 2ae166c2abc5e380c35dea3ab7a8d7f1
File size: 235008 bytes

Created files:

%AppData%\Apple_Store.exe – Trojan-Ransom Gimemo

Trojan-Ransom Gimemo created autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{lXTP0Cq8-0o3i-jGt0-DZTH-UrYlWXzEbjCE}\dlxVLNiTSbbfN8U: “%AppData%\Apple_Store.exe” /ActiveX
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dlxVLNiTSbbfN8U: %AppData%\Apple_Store.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: %AppData%\Apple_Store.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %AppData%\Apple_Store.exe,%WinDir%\System32\userinit.exe,
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dlxVLNiTSbbfN8U: %AppData%\Apple_Store.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: %AppData%\Apple_Store.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %AppData%\Apple_Store.exe,%WinDir%\System32\userinit.exe,

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images