27.06.2012, 05:22
Malware info:
SHA256: dc867bf3ac400757162493e45a058c50e577031c880b098542d998e64bd39aef
SHA1: f101e5fc0abeee820a034c19a05cfed11316c5e9
MD5: f34a403983aa791925b9e31cf95fa614
File size: 209408 bytes
VT info (8/42):
Changes in the system:
- Registry Key:
HKLM\Software\Microsoft\Active Setup\Installed Components\{0jm95fMk-FJxC-Z1Xk-ikm2-Er7OOTChHiCY}\u9OL0J5DO04DjkD: "%AppData%\hjnwr46js6ju.exe" /ActiveX
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\u9OL0J5DO04DjkD: %AppData%\hjnwr46js6ju.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: %AppData%\hjnwr46js6ju.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %AppData%\hjnwr46js6ju.exe,%WinDir%\System32\userinit.exe,
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\u9OL0J5DO04DjkD: %AppData%\hjnwr46js6ju.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: %AppData%\hjnwr46js6ju.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %AppData%\hjnwr46js6ju.exe,%WinDir%\System32\userinit.exe,
- Files:
%AppData%\hjnwr46js6ju.exe