Trojan-Ransom Gimemo – f28f9cb1ff043c109797454bde26e269

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Trojan-Ransom Gimemo
Also known as: Trojan Agent, Trojan Winlock
SHA256: 30855ce3aa2a5720a12e712c5e276dece0f1bec5920f1c55be3d367a71d540c9
SHA1: bc0bf125f4e4d96ce2090cae21587395fb21aaf5
MD5: f28f9cb1ff043c109797454bde26e269
File size: 288256 bytes

Created files:

%AppData%\Apple_Store.exe – Trojan-Ransom Gimemo

Trojan-Ransom Gimemo created autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{lXTP0Cq8-0o3i-jGt0-DZTH-UrYlWXzEbjCE}\dlxVLNiTSbbfN8U: “%AppData%\Apple_Store.exe” /ActiveX
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dlxVLNiTSbbfN8U: %AppData%\Apple_Store.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: %AppData%\Apple_Store.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %AppData%\Apple_Store.exe,%WinDir%\System32\userinit.exe,
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dlxVLNiTSbbfN8U: %AppData%\Apple_Store.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: %AppData%\Apple_Store.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %AppData%\Apple_Store.exe,%WinDir%\System32\userinit.exe,

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images