17.05.2012, 06:42
Malware info:
SHA256: 3859d838c523ce88fdadfe0c3375d5d1f98354e22a9c670cbb2ac0c4d2ca25bb
SHA1: bbd3ab3d1917d72116b99cb0f2080a2d254b66b9
MD5: f8eeecb3c9ea0ace4e485fd1611fa1ab
File size: 178.5 KB (182784 bytes)
VT info (33/42):
Changes in the system:
- Registry Key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QJa8hs7QNbxt4uL: "%Appdata%\ram_reserver64.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\QJa8hs7QNbxt4uL: "%Appdata%\ram_reserver64.exe"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: "%Appdata%\ram_reserver64.exe"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "%Appdata%\ram_reserver64.exe,%WinDir%\System32\userinit.exe,"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: "%Appdata%\ram_reserver64.exe"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "%Appdata%\ram_reserver64.exe,%WinDir%\System32\userinit.exe,"
- Files:
%Appdata%\ram_reserver64.exe