Trojan.KillProc2.24989

Technical Information

Malicious functions

Terminates or attempts to terminate

the following system processes:

%WINDIR%\explorer.exe
<SYSTEM32>\taskhost.exe
<SYSTEM32>\dwm.exe

the following user processes:

iexplore.exe
firefox.exe

Modifies file system

Creates the following files

%WINDIR%y1s2fctrp3
%CommonProgramFiles%\microsoft shared\asian cum uncut sgoibhh .rar.exe
%ProgramFiles%\dvd maker\shared\black lpcu5ai3 uncut glans girly (rdl1tfkz,sarah).mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\documentshare\8r3baiec tsomq34 uncut ash (gina).zip.exe
%ProgramFiles%\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formstemplates\eq7k2xcxt h93bklf uncut .mpeg.exe
%ProgramFiles%\microsoft office\office14\groove\xml files\space templates\7b6fhxi yzw1afy wep6b08 sgu4m7oc qq6w54yfhtqrbwcslg (cy4xpd).zip.exe
%ProgramFiles%\microsoft office\templates\xxx vjq39c1gwy eigt45 .avi.exe
%ProgramFiles%\microsoft office\templates\1033\onenote\14\notebook templates\gay l9hwcs7vvnphd9 hairy .mpeg.exe
%ProgramFiles%\windows journal\templates\horse gay girls feet .mpg.exe
%ProgramFiles%\windows sidebar\shared gadgets\black nom72kl l9hwcs7vvnphd9 (36mho73,y8oxsqa).mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\idtemplates\ddqayq big 779mipj .mpg.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files\eq7k2xcxt horse sgu4m7oc ae2sd7u4xh .avi.exe
%ProgramFiles(x86)%\adobe\acrobat reader dc\reader\webresources\resource0\static\js\plugins\my-sharepoint-files-select\gzn4ud7e porn h93bklf sgu4m7oc latex .avi.exe
%CommonProgramFiles(x86)%\microsoft shared\w6csjja14n1 ihthd33 .mpg.exe
%ProgramFiles(x86)%\microsoft visual studio 8\common7\ide\vsta\itemtemplates\jxaglwti nom72kl cock balls (c4w8hqa,liz).mpeg.exe
%ProgramFiles(x86)%\windows sidebar\shared gadgets\8r3baiec 8ok6yf bq4kno 779mipj .mpeg.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\gzn4ud7e xakmpl xakmpl big nrb42wq .mpeg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\7b6fhxi bd1l5ir ihthd33 latex .mpeg.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\black 7nd83wovj mnho9y54 7vepaqjm js80j73 .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\asian porn ddqayq vjq39c1gwy girly .mpg.exe
%ALLUSERSPROFILE%\templates\h93bklf sperm bq4kno .zip.exe
%ALLUSERSPROFILE%\microsoft\rac\temp\lpcu5ai3 uncut fishy .mpeg.exe
%ALLUSERSPROFILE%\microsoft\search\data\temp\wpjwijv horse uncut cock .avi.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\sharepoint\mzwpstr8n 8ok6yf vjq39c1gwy .mpg.exe
%ALLUSERSPROFILE%\microsoft\windows\templates\f1i7cm ddqayq gay girls (jenna).rar.exe
%ALLUSERSPROFILE%\templates\7nd83wovj sgu4m7oc ejn547rbxhd1 (karin).mpeg.exe
C:\users\default\appdata\local\microsoft\windows\<INETFILES>\wpjwijv nom72kl bq4kno nrb42wq .mpg.exe
C:\users\default\appdata\local\temp\upfgetx xxx ihthd33 779mipj .avi.exe
C:\users\default\appdata\local\<INETFILES>\viaz50 wep6b08 nude uncut .rar.exe
C:\users\default\appdata\roaming\microsoft\windows\templates\s2fkave mzwpstr8n nude apv53deiq9fw (haj1oyikd).mpeg.exe
C:\users\default\templates\fac71w2 ddqayq mzwpstr8n bq4kno .mpg.exe
%LOCALAPPDATA%\microsoft\windows\<INETFILES>\viaz50 h93bklf horse apv53deiq9fw boobs sweet (gina,haj1oyikd).mpg.exe
%LOCALAPPDATA%\<INETFILES>\viaz50 horse uncut js80j73 (hyo87il,dxocjwba).zip.exe
%LOCALAPPDATA%low\mozilla\temp-{12c7f776-de07-4d8a-a6eb-93019fcb4f66}\cum epyxwn .mpeg.exe
%LOCALAPPDATA%low\mozilla\temp-{28060726-42ae-4e49-b300-93149d394ff5}\zc8giv9 wep6b08 ihthd33 (gina,liz).mpg.exe
%LOCALAPPDATA%low\mozilla\temp-{bc1f1f78-2666-4310-aef7-f6fd5ba4bc43}\fac71w2 nude uncut titts (sarah).mpg.exe
%APPDATA%\microsoft\templates\8r3baiec xakmpl 7nd83wovj big .mpg.exe
%APPDATA%\microsoft\windows\templates\ikdyfwhy horse [free] fw58kpr41ob1w .mpeg.exe
%APPDATA%\mozilla\firefox\profiles\apc2n9d1.default-release\storage\temporary\f07qtt mzwpstr8n uncut ae2sd7u4xh (2hbt8wr).avi.exe
%APPDATA%\thunderbird\profiles\rehh7ft5.default-release\storage\temporary\z1qxwcd nude vjq39c1gwy js80j73 .mpg.exe
%HOMEPATH%\templates\viaz50 lpcu5ai3 bq4kno (liz,36mho73).zip.exe
%WINDIR%\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\tsomq34 epyxwn 6tl9zg0uqa .mpg.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor\gzn4ud7e 7nd83wovj lpcu5ai3 apv53deiq9fw gsva2xn .avi.exe
%WINDIR%\assembly\gac_64\microsoft.grouppolicy.admtmpleditor.resources\ikdyfwhy nude xakmpl bq4kno .avi.exe
%WINDIR%\assembly\gac_64\microsoft.sharepoint.businessdata.administration.client\8r3baiec xakmpl uncut zn3tvn .rar.exe
%WINDIR%\assembly\gac_msil\microsoft.sharepoint.businessdata.administration.client.intl\black mzwpstr8n apv53deiq9fw nrb42wq .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\8r3baiec wep6b08 uncut .mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_32\temp\zap9e41.tmp\f07qtt mzwpstr8n girls b37oavmx289 (sandy,sonja).mpeg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\f07qtt xxx nom72kl hole (dehod0,jenna).mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zap6b8e.tmp\nom72kl big 8bgkvshe1 .zip.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape291.tmp\4h1e2a346 nom72kl xakmpl [free] .mpg.exe
%WINDIR%\assembly\nativeimages_v2.0.50727_64\temp\zape56e.tmp\wpjwijv mzwpstr8n xakmpl 7vepaqjm boobs .zip.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_32\temp\jxaglwti xakmpl [free] .mpg.exe
%WINDIR%\assembly\nativeimages_v4.0.30319_64\temp\f07qtt wep6b08 uncut nmibe2 (2hbt8wr).zip.exe
%WINDIR%\assembly\temp\cum nom72kl fishy .rar.exe
%WINDIR%\assembly\tmp\eq7k2xcxt horse girls legs 50+ .avi.exe
%WINDIR%\microsoft.net\framework\v4.0.30319\temporary asp.net files\yzw1afy l9hwcs7vvnphd9 qq6w54yfhtqrbwcslg .rar.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\temporary asp.net files\w6csjja14n1 xxx girls boots .rar.exe
%WINDIR%\pla\templates\ddqayq nude vjq39c1gwy fishy (cy4xpd,liz).rar.exe
%WINDIR%\security\templates\upfgetx mzwpstr8n gay l9hwcs7vvnphd9 hole (jade,sonja).zip.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\microsoft\windows\<INETFILES>\7nd83wovj big balls .mpeg.exe
%WINDIR%\serviceprofiles\localservice\appdata\local\temp\0287zh xakmpl wep6b08 nom72kl cock 40+ .rar.exe
%WINDIR%\serviceprofiles\localservice\appdata\roaming\microsoft\windows\templates\h93bklf bq4kno boobs (cy4xpd,dxocjwba).rar.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\microsoft\windows\<INETFILES>\mzwpstr8n girls .rar.exe
%WINDIR%\serviceprofiles\networkservice\appdata\local\temp\wpjwijv sperm [free] 8bgkvshe1 .rar.exe
%WINDIR%\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\templates\7b6fhxi gay beast [milf] 50+ .zip.exe
%WINDIR%\syswow64\config\systemprofile\8r3baiec xxx uncut ejn547rbxhd1 (dxocjwba,cy4xpd).mpeg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\z9z7rwe horse xxx [free] 779mipj .mpg.exe
%WINDIR%\syswow64\fxstmp\ikdyfwhy mzwpstr8n bd1l5ir epyxwn ol6p1tua (hyo87il).mpg.exe
%WINDIR%\syswow64\ime\shared\gay girls (sandy).avi.exe
%WINDIR%\syswow64\config\systemprofile\beast wep6b08 hot (!) lzxyhb7k .mpg.exe
%WINDIR%\syswow64\config\systemprofile\appdata\local\microsoft\windows\<INETFILES>\fac71w2 horse girls (rdl1tfkz).avi.exe
%WINDIR%\syswow64\fxstmp\zc8giv9 mnho9y54 epyxwn ash sgoibhh (36mho73).avi.exe
%WINDIR%\syswow64\ime\shared\viaz50 mzwpstr8n big .avi.exe
%WINDIR%\temp\w6csjja14n1 big hotel .rar.exe
%WINDIR%\winsxs\installtemp\tsomq34 [free] girly .rar.exe
<Current directory>\sqjaed7r1vnw

Miscellaneous

Searches for the following windows

ClassName: 'Progman' WindowName: ''
ClassName: 'Proxy Desktop' WindowName: ''

Restarts the analyzed sample

Executes the following

'%WINDIR%\explorer.exe'

Technologies

Terminology

Training and education

Myths

Technical Information

Curing recommendations

Free trial