XHEEPZWWHRO.EXE – Trojan Vilsel

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

XHEEPZWWHRO.EXE – Trojan Vilsel removal

FileMD5Virus Alias
XHEEPZWWHRO.EXE 5d365923d6632b15b3cd17fef132b6e2 Trojan Vilsel
XHEEPZWWHRO.EXE 5d365923d6632b15b3cd17fef132b6e2 Trojan Unknown.Suspicious.File
XHEEPZWWHRO.EXE 5d365923d6632b15b3cd17fef132b6e2 Trojan PAM
XHEEPZWWHRO.EXE 5d365923d6632b15b3cd17fef132b6e2 Trojan Renos
XHEEPZWWHRO.EXE 5d365923d6632b15b3cd17fef132b6e2 Worm Autorun
XHEEPZWWHRO.EXE 5d365923d6632b15b3cd17fef132b6e2 Trojan Agent

XHEEPZWWHRO.EXE size: 327680 bytes
XHEEPZWWHRO.EXE hash: 5D365923D6632B15B3CD17FEF132B6E2

Created files:

%WinDir%\dupzshbrnzxnqwhyt.exe
%WinDir%\kecpldatshibhqeywjfx.exe
%WinDir%\mealfvqherqhlsewsd.exe
%WinDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\dupzshbrnzxnqwhyt.exe
%SysDir%\kecpldatshibhqeywjfx.exe
%SysDir%\mealfvqherqhlsewsd.exe
%SysDir%\qmmbztsnofidlwmiixvpoj.exe
%SysDir%\wmgphvodyjgvxcmc.exe
%SysDir%\xqnzulhzxlldiqdwtfa.exe
%SysDir%\zuthexvppfhbishcbpmfd.exe
%TEMP%\dupzshbrnzxnqwhyt.exe
%TEMP%\kecpldatshibhqeywjfx.exe
%TEMP%\mealfvqherqhlsewsd.exe
%TEMP%\qmmbztsnofidlwmiixvpoj.exe
%TEMP%\wmgphvodyjgvxcmc.exe
%TEMP%\xeppydn.exe
%TEMP%\xheepzwwhro.exe
%TEMP%\xqnzulhzxlldiqdwtfa.exe
%TEMP%\zuthexvppfhbishcbpmfd.exe
%WinDir%\wmgphvodyjgvxcmc.exe
%WinDir%\xqnzulhzxlldiqdwtfa.exe
%WinDir%\zuthexvppfhbishcbpmfd.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mughrxip: kecpldatshibhqeywjfx.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zenls: %TEMP%\wmgphvodyjgvxcmc.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: xqnzulhzxlldiqdwtfa.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\oaqvjtitkrkv: %TEMP%\xqnzulhzxlldiqdwtfa.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: dupzshbrnzxnqwhyt.exe .
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\rcrvirfpfld: %TEMP%\xqnzulhzxlldiqdwtfa.exe .
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dmzbmtfnb: xqnzulhzxlldiqdwtfa.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\kqazhl: %TEMP%\dupzshbrnzxnqwhyt.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\wguxjrench: dupzshbrnzxnqwhyt.exe .
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\xeppydn: %TEMP%\kecpldatshibhqeywjfx.exe .

Detected by UnHackMe:

XHEEPZWWHRO.EXE
Default location: %TEMP%\XHEEPZWWHRO.EXE

Dropper information:
MD5: 325708cc09ec0c5b11aa68c7ebf7158d
File size: 495616 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images