START.EXE – Unclassified Malware removal
START.EXE size: 28672 bytes
START.EXE hash: 28B6216D6CE7D4C98078F667796D8BD0
Created files:
Detected by UnHackMe:
START.EXE
Default location: %TEMP%\RARSFX0\START.EXE
Dropper information:
MD5: 61ae1eaa1288a8459d608e512445db78
File size: 5091430 bytes