Trojan-Ransom Gimemo – WinrarArchiver.exe – 24a067e94f182a522bcd38c06b4b38d4

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Trojan-Ransom Gimemo
Also known as: Trojan Winlock, Trojan Zbot
SHA256: 40fe01f4c2bb07a1bcaa75b5d9149fffbb863502e23325bc23c91173a3766c13
SHA1: 3d36aaf79f2bb63729f4a1905cf6bc25e01644b4
MD5: 24a067e94f182a522bcd38c06b4b38d4
File size: 286720 bytes

Created files:

%AppData%\WinrarArchiver.exe – Trojan-Ransom Gimemo

Trojan-Ransom Gimemo created autostart registry keys:

HKLM\Software\Microsoft\Active Setup\Installed Components\{oYBieRew-1yqH-kRQp-D9g6-VCkKMyxQRD0z}\SkirUGGBa7lvZk3: “%AppData%\WinrarArchiver.exe” /ActiveX
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SkirUGGBa7lvZk3: %AppData%\WinrarArchiver.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: %AppData%\WinrarArchiver.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %AppData%\WinrarArchiver.exe,%WinDir%\System32\userinit.exe,
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SkirUGGBa7lvZk3: %AppData%\WinrarArchiver.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: %AppData%\WinrarArchiver.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %AppData%\WinrarArchiver.exe,%WinDir%\System32\userinit.exe,

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images