Trojan Small – update.exe – fd185630944384dd09cdd36183680843

Trojan Small
Also known as: Trojan Delf, Trojan Agent
SHA256: 4d474f2446a19534f555ddae0e563a4a5f24d8c3792f64402386c2a2d5bdecbf
SHA1: 03e0d1d4a83fd7524a1188e4d903c55758b39873
MD5: fd185630944384dd09cdd36183680843
File size: 1010399 bytes

Created files:


Trojan Small created autostart registry keys:
