16.07.2012, 05:32
Malware info:
SHA256: c85c40912d047fb93f0373681f9dc92193181a07edbf72ae75eecb8804ead557
SHA1: 1205c5eed5d96040641c6a2de35475093d1bfc5e
MD5: cfc4da393278354a60b82f8014a9f557
File size: 233819 bytes
VT info (30/42):
Changes in the system:
- Registry Key:
HKLM\Software\Microsoft\Active Setup\Installed Components\{gNlHvcTl-X3Rf-glhX-zEHE-R7LhQcT46ee6}\B64Fu7wxCKTba7x: ""%AppData%\ArchiverforWin.exe" /ActiveX"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\B64Fu7wxCKTba7x: "%AppData%\ArchiverforWin.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\B64Fu7wxCKTba7x: "%AppData%\ArchiverforWin.exe"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: "%AppData%\ArchiverforWin.exe"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "%AppData%\ArchiverforWin.exe,%WinDir%\System32\userinit.exe,"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: "%AppData%\ArchiverforWin.exe"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: "%AppData%\ArchiverforWin.exe,%WinDir%\System32\userinit.exe,"
- Files:
%AppData%\ArchiverforWin.exe