Worm Autorun – 809480.exe – 314e1841504f65327e272dba8ee96ae9

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Worm Autorun
Also known as: Trojan Banker, Trojan Downloader.Generic
SHA256: 3f64dfbc70cac2315ea7de12d73123e89e84be3dce94abf97a6f06fccb366518
SHA1: 2ae88ac940bbc479eb82f94f41957487a2a1ff36
MD5: 314e1841504f65327e272dba8ee96ae9
File size: 203264 bytes

Created files:

C:\53383144\809480.exe – Worm Autorun
C:\53383144\980290.exe – Worm Autorun
C:\cleanup.bat – Worm Autorun
C:\cleanup.exe – Worm Autorun
%WinDir%\8787012.exe – Worm Autorun
%SysDir%\drivers\ppya.sys – Worm Autorun
C:\zip.exe – Worm Autorun

Worm Autorun created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Cleanup: C:\cleanup.exe
HKLM\System\CurrentControlSet\Services\mtbcfrgs\ImagePath: 730079007300740065006D00330032005C0064007200690076006500720073005C0070007000790061002E007300790073000000
HKLM\System\CurrentControlSet\Services\mtbcfrgs\Type: 01000000
HKLM\System\CurrentControlSet\Services\mtbcfrgs\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\mtbcfrgs\wpoqcim: \??\%WinDir%\dmotbpai.txt
HKLM\System\CurrentControlSet\Services\mtbcfrgs\jkdj: %WinDir%
HKLM\System\CurrentControlSet\Services\mtbcfrgs\hdstrr: 5CFF0000
HKLM\System\CurrentControlSet\Services\mtbcfrgs\Group: khenqoj

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images