Worm Autorun – winlogon.exe – 0573e11d7c8e63e4aafd4d6e8b757ad0

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Worm Autorun
Also known as: Trojan Malagent, Trojan Agent
SHA256: f087147d60185ef8b6279c8cc59692b754365f372d778f9a5e7674c9f2a7e790
SHA1: 4dc1715a35e40781930dbbac1fb8ee0ef81bbce0
MD5: 0573e11d7c8e63e4aafd4d6e8b757ad0
File size: 406704 bytes

Created files:

%Common Startmenu%\Programs\Startup\winlogon.exe – Worm Autorun
%Common Startmenu%\Programs\winlogon.exe – Worm Autorun
%Common Startmenu%\winlogon.exe – Worm Autorun
%UserProfile%\25543555\winlogon.exe – Worm Autorun
%Startup%\winlogon.exe – Worm Autorun
%Startmenu%\Programs\winlogon.exe – Worm Autorun
%Startmenu%\winlogon.exe – Worm Autorun

Worm Autorun created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\CA92078A62DE3BDAA1E3323692E86B08CC1CACAC1D1362BC: %UserProfile%\25543555\winlogon.exe
HKLM\System\CurrentControlSet\Services\cryptsvc\SBIE_StartTicks: 19E41700
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications: 01000000
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications: 01000000
HKLM\System\CurrentControlSet\Services\sr\Start: 04000000
HKLM\System\CurrentControlSet\Services\wscsvc\Start: 04000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\8C4360D1300271B1D6E443121F7E774CA8B072EB3ABC1AD4: %UserProfile%\25543555\winlogon.exe

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images