XHEEPZWWHRO.EXE – Trojan Vilsel

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

XHEEPZWWHRO.EXE – Trojan Vilsel removal

FileMD5Virus Alias
XHEEPZWWHRO.EXE eb09c682903ecbd87f30b0366e008d8f Trojan Vilsel
XHEEPZWWHRO.EXE eb09c682903ecbd87f30b0366e008d8f Trojan Win32.Spy
XHEEPZWWHRO.EXE eb09c682903ecbd87f30b0366e008d8f Trojan Generic
XHEEPZWWHRO.EXE eb09c682903ecbd87f30b0366e008d8f Trojan Eldorado
XHEEPZWWHRO.EXE eb09c682903ecbd87f30b0366e008d8f Trojan Downloader
XHEEPZWWHRO.EXE eb09c682903ecbd87f30b0366e008d8f Trojan PAM

XHEEPZWWHRO.EXE size: 327680 bytes
XHEEPZWWHRO.EXE hash: EB09C682903ECBD87F30B0366E008D8F

Created files:

%WinDir%\dupzshbrnzxnqwhyt.exe
%WinDir%\kecpldatshibhqeywjfx.exe
%WinDir%\mealfvqherqhlsewsd.exe
%WinDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\dupzshbrnzxnqwhyt.exe
%SysDir%\kecpldatshibhqeywjfx.exe
%SysDir%\mealfvqherqhlsewsd.exe
%SysDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\wmgphvodyjgvxcmc.exe
%SysDir%\xqnzulhzxlldiqdwtfa.exe
%SysDir%\zuthexvppfhbishcbpmfd.exe
%TEMP%\dupzshbrnzxnqwhyt.exe
%TEMP%\kecpldatshibhqeywjfx.exe
%TEMP%\mealfvqherqhlsewsd.exe
%TEMP%\qmmbztsnofidlwmiixvpoj.exe
%TEMP%\wmgphvodyjgvxcmc.exe
%TEMP%\xheepzwwhro.exe
%TEMP%\xqnzulhzxlldiqdwtfa.exe
%TEMP%\zuthexvppfhbishcbpmfd.exe
%WinDir%\wmgphvodyjgvxcmc.exe
%WinDir%\xqnzulhzxlldiqdwtfa.exe
%WinDir%\zuthexvppfhbishcbpmfd.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mughrxip: mealfvqherqhlsewsd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zenls: %TEMP%\mealfvqherqhlsewsd.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: xqnzulhzxlldiqdwtfa.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\oaqvjtitkrkv: %TEMP%\dupzshbrnzxnqwhyt.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: wmgphvodyjgvxcmc.exe .
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\rcrvirfpfld: %TEMP%\mealfvqherqhlsewsd.exe .
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dmzbmtfnb: mealfvqherqhlsewsd.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\wguxjrench: dupzshbrnzxnqwhyt.exe .

Detected by UnHackMe:

XHEEPZWWHRO.EXE
Default location: %TEMP%\XHEEPZWWHRO.EXE

Dropper information:
MD5: 4d29ce21fdf1a529607cc8af0a0dca85
File size: 602112 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images