XEPPYDN.EXE – Trojan Vilsel

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

XEPPYDN.EXE – Trojan Vilsel removal

FileMD5Virus Alias
XEPPYDN.EXE 5203b6ea0901877fbf2d8d6f6d8d338e Trojan Vilsel
XEPPYDN.EXE 5203b6ea0901877fbf2d8d6f6d8d338e Trojan Generic
XEPPYDN.EXE 5203b6ea0901877fbf2d8d6f6d8d338e Trojan Eldorado
XEPPYDN.EXE 5203b6ea0901877fbf2d8d6f6d8d338e Trojan Downloader
XEPPYDN.EXE 5203b6ea0901877fbf2d8d6f6d8d338e Trojan PAM
XEPPYDN.EXE 5203b6ea0901877fbf2d8d6f6d8d338e Trojan Renos

XEPPYDN.EXE size: 327680 bytes
XEPPYDN.EXE hash: 5203B6EA0901877FBF2D8D6F6D8D338E

Created files:

%WinDir%\dupzshbrnzxnqwhyt.exe
%WinDir%\kecpldatshibhqeywjfx.exe
%WinDir%\mealfvqherqhlsewsd.exe
%WinDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\dupzshbrnzxnqwhyt.exe
%SysDir%\kecpldatshibhqeywjfx.exe
%SysDir%\mealfvqherqhlsewsd.exe
%SysDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\wmgphvodyjgvxcmc.exe
%SysDir%\xqnzulhzxlldiqdwtfa.exe
%SysDir%\zuthexvppfhbishcbpmfd.exe
%TEMP%\dupzshbrnzxnqwhyt.exe
%TEMP%\kecpldatshibhqeywjfx.exe
%TEMP%\mealfvqherqhlsewsd.exe
%TEMP%\qmmbztsnofidlwmiixvpoj.exe
%TEMP%\wmgphvodyjgvxcmc.exe
%TEMP%\xeppydn.exe
%TEMP%\xheepzwwhro.exe
%TEMP%\xqnzulhzxlldiqdwtfa.exe
%TEMP%\zuthexvppfhbishcbpmfd.exe
%WinDir%\wmgphvodyjgvxcmc.exe
%WinDir%\xqnzulhzxlldiqdwtfa.exe
%WinDir%\zuthexvppfhbishcbpmfd.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mughrxip: zuthexvppfhbishcbpmfd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zenls: %TEMP%\wmgphvodyjgvxcmc.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: mealfvqherqhlsewsd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\oaqvjtitkrkv: %TEMP%\dupzshbrnzxnqwhyt.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: xqnzulhzxlldiqdwtfa.exe .
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\rcrvirfpfld: %TEMP%\mealfvqherqhlsewsd.exe .
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dmzbmtfnb: dupzshbrnzxnqwhyt.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: %TEMP%\wmgphvodyjgvxcmc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\wguxjrench: kecpldatshibhqeywjfx.exe .
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: %TEMP%\kecpldatshibhqeywjfx.exe .

Detected by UnHackMe:

XEPPYDN.EXE
Default location: %TEMP%\XEPPYDN.EXE

Dropper information:
MD5: 517e75e316bf2395b420403935dbff31
File size: 503808 bytes

Leave a Reply