WINLOGIN.EXE – Trojan Kazy

WINLOGIN.EXE – Trojan Kazy removal

File          MD5                               Virus Alias
WINLOGIN.EXE  e19b0b1a55508a4064fe54003b52182d  Trojan Kazy
WINLOGIN.EXE  e19b0b1a55508a4064fe54003b52182d  Trojan ModifiedUPX
WINLOGIN.EXE  e19b0b1a55508a4064fe54003b52182d  Trojan Bitcoin
WINLOGIN.EXE  e19b0b1a55508a4064fe54003b52182d  Trojan Btcmine
WINLOGIN.EXE  e19b0b1a55508a4064fe54003b52182d  Trojan SuspiciousFile
WINLOGIN.EXE  e19b0b1a55508a4064fe54003b52182d  Trojan CoinMiner

WINLOGIN.EXE size: 210958 bytes
WINLOGIN.EXE hash: E19B0B1A55508A4064FE54003B52182D

Created files:

%Program Files%\%appdata%\Adobex64\api-example.php
%Program Files%\%appdata%\Adobex64\bat.exe
%Program Files%\%appdata%\Adobex64\diablo130302.cl
%Program Files%\%appdata%\Adobex64\diakgcn121016.cl
%Program Files%\%appdata%\Adobex64\example.conf
%Program Files%\%appdata%\Adobex64\invis.vbs
%Program Files%\%appdata%\Adobex64\libcurl.dll
%Program Files%\%appdata%\Adobex64\libeay32.dll
%Program Files%\%appdata%\Adobex64\libidn-11.dll
%Program Files%\%appdata%\Adobex64\librtmp.dll
%Program Files%\%appdata%\Adobex64\libssh2.dll
%Program Files%\%appdata%\Adobex64\libusb-1.0.dll
%Program Files%\%appdata%\Adobex64\miner.php
%Program Files%\%appdata%\Adobex64\phatk121016.cl
%Program Files%\%appdata%\Adobex64\poclbm130302.cl
%Program Files%\%appdata%\Adobex64\scrypt130511.cl
%Program Files%\%appdata%\Adobex64\ssleay32.dll
%Program Files%\%appdata%\Adobex64\winlogin.exe
%Program Files%\%appdata%\Adobex64\zlib1.dll

Detected by UnHackMe:

WINLOGIN.EXE
Default location: %PROGRAM FILES%\%APPDATA%\ADOBEX64\WINLOGIN.EXE

Dropper information:
MD5: 4f625de0e4830f9b6feb9ccc6ccecb05
File size: 1613791 bytes
