XHEEPZWWHRO.EXE – Trojan Vilsel

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

XHEEPZWWHRO.EXE – Trojan Vilsel removal

FileMD5Virus Alias
XHEEPZWWHRO.EXE 57d62f1d315fa0c8a95df9497c2a226d Trojan Vilsel
XHEEPZWWHRO.EXE 57d62f1d315fa0c8a95df9497c2a226d Trojan Unknown.Suspicious.File
XHEEPZWWHRO.EXE 57d62f1d315fa0c8a95df9497c2a226d Trojan PAM
XHEEPZWWHRO.EXE 57d62f1d315fa0c8a95df9497c2a226d Trojan Renos
XHEEPZWWHRO.EXE 57d62f1d315fa0c8a95df9497c2a226d Worm Autorun
XHEEPZWWHRO.EXE 57d62f1d315fa0c8a95df9497c2a226d Trojan Agent

XHEEPZWWHRO.EXE size: 327680 bytes
XHEEPZWWHRO.EXE hash: 57D62F1D315FA0C8A95DF9497C2A226D

Created files:

%WinDir%\dupzshbrnzxnqwhyt.exe
%WinDir%\kecpldatshibhqeywjfx.exe
%WinDir%\mealfvqherqhlsewsd.exe
%WinDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\dupzshbrnzxnqwhyt.exe
%SysDir%\kecpldatshibhqeywjfx.exe
%SysDir%\mealfvqherqhlsewsd.exe
%SysDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\wmgphvodyjgvxcmc.exe
%SysDir%\xqnzulhzxlldiqdwtfa.exe
%SysDir%\zuthexvppfhbishcbpmfd.exe
%TEMP%\dupzshbrnzxnqwhyt.exe
%TEMP%\kecpldatshibhqeywjfx.exe
%TEMP%\mealfvqherqhlsewsd.exe
%TEMP%\qmmbztsnofidlwmiixvpoj.exe
%TEMP%\wmgphvodyjgvxcmc.exe
%TEMP%\xheepzwwhro.exe
%TEMP%\xqnzulhzxlldiqdwtfa.exe
%TEMP%\zuthexvppfhbishcbpmfd.exe
%WinDir%\wmgphvodyjgvxcmc.exe
%WinDir%\xqnzulhzxlldiqdwtfa.exe
%WinDir%\zuthexvppfhbishcbpmfd.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mughrxip: kecpldatshibhqeywjfx.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zenls: %TEMP%\dupzshbrnzxnqwhyt.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: dupzshbrnzxnqwhyt.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\oaqvjtitkrkv: %TEMP%\mealfvqherqhlsewsd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: mealfvqherqhlsewsd.exe .
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\rcrvirfpfld: %TEMP%\dupzshbrnzxnqwhyt.exe .
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dmzbmtfnb: kecpldatshibhqeywjfx.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\wguxjrench: zuthexvppfhbishcbpmfd.exe .

Detected by UnHackMe:

XHEEPZWWHRO.EXE
Default location: %TEMP%\XHEEPZWWHRO.EXE

Dropper information:
MD5: 0f02f0a7e05b20fba3f62a44a7dd4cae
File size: 495616 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images