Trojan-Ransom Gimemo – d4d01cd027b96d6f682b0d49eaf7c94f

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Trojan-Ransom Gimemo
Also known as: Trojan Winlock, Trojan Zbot
SHA256: 2e927a5afdf5db61e84cd00220dc4664176355e7b93c9b2127067c366cace2e2
SHA1: 7678bad4814c5aa83679486f9fec08f3eb88bae9
MD5: d4d01cd027b96d6f682b0d49eaf7c94f
File size: 230400 bytes

Created files:

%AppData%\bauesch.exe – Trojan-Ransom Gimemo

Trojan-Ransom Gimemo created autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{HPEML2Sj-mfPg-GyeY-ZQEF-hjJiIo1PkW6M}\ALYQ3CgTRBSYLwE: “%AppData%\bauesch.exe” /ActiveX
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ALYQ3CgTRBSYLwE: %AppData%\bauesch.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: %AppData%\bauesch.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %AppData%\bauesch.exe,%WinDir%\System32\userinit.exe,
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ALYQ3CgTRBSYLwE: %AppData%\bauesch.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: %AppData%\bauesch.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %AppData%\bauesch.exe,%WinDir%\System32\userinit.exe,

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images