GUANJI.EXE – Worm Autoit removal

GUANJI.EXE size: 292173 bytes
GUANJI.EXE hash: CC5AA71D0315E7CDA7708962A7E5AC74

Created files:

%AppData%\xnuu.com\guanji.exe
%AppData%\xnuu.com\hunxiang\Mmutil32.dll
%AppData%\xnuu.com\hunxiang\UnicodeFile.bin
%AppData%\xnuu.com\hunxiang\UnicodeFile_1.bin
%AppData%\xnuu.com\jietu.exe
%AppData%\xnuu.com\skin\adamant.she
%AppData%\xnuu.com\skin\aero.she
%AppData%\xnuu.com\skin\china.she
%AppData%\xnuu.com\skin\dogmax.she
%AppData%\xnuu.com\skin\QQ2009.she
%AppData%\xnuu.com\skin\Skin.dll
%AppData%\xnuu.com\sound\UnicodeFile.bin
%AppData%\xnuu.com\sound\UnicodeFile_1.bin
%AppData%\xnuu.com\sound\UnicodeFile_2.bin
%AppData%\xnuu.com\sound\UnicodeFile_3.bin
%AppData%\xnuu.com\sound\UnicodeFile_4.bin
%AppData%\xnuu.com\sound\UnicodeFile_5.bin
%AppData%\xnuu.com\sound\UnicodeFile_6.bin
%AppData%\xnuu.com\sound\UnicodeFile_7.bin
%AppData%\xnuu.com\sound\UnicodeFile_8.bin
%AppData%\xnuu.com\sound\UnicodeFile_9.bin
%AppData%\xnuu.com\sound\UnicodeFile_10.bin
%AppData%\xnuu.com\sound\UnicodeFile_11.bin
%AppData%\xnuu.com\sound\UnicodeFile_12.bin
%AppData%\xnuu.com\sound\UnicodeFile_13.bin
%AppData%\xnuu.com\sound\UnicodeFile_14.bin
%AppData%\xnuu.com\sound\UnicodeFile_15.bin
%AppData%\xnuu.com\sound\UnicodeFile_16.bin
%AppData%\xnuu.com\sound\UnicodeFile_17.bin
%AppData%\xnuu.com\sound\UnicodeFile_18.bin
%AppData%\xnuu.com\sound\UnicodeFile_19.bin
%AppData%\xnuu.com\sound\UnicodeFile_20.bin
%AppData%\xnuu.com\sound\UnicodeFile_21.bin
%AppData%\xnuu.com\sound\UnicodeFile_22.bin
%AppData%\xnuu.com\sound\UnicodeFile_23.bin
%AppData%\xnuu.com\sound\UnicodeFile_24.bin
%SysDir%\drivers\etc\hosts
%TEMP%\~GM71.exe

Detected by UnHackMe:

GUANJI.EXE
Default location: %APPDATA%\XNUU.COM\GUANJI.EXE

Dropper information:
MD5: ab19e07c5aa5a2bdebec2d7ac6e29d8c
File size: 3164425 bytes