Trojan installer - Virus, Trojan, Spyware, and Malware Removal Help
Tags
Tag | Value |
---|---|
country | United States Of America |
maec-delivery-vectors | Watering Hole |
attack-pattern | Data Hardware - T1592.001; Malware - T1587.001; Malware - T1588.001; Mmc - T1218.014; Msbuild - T1127.001; Rundll32 - T1218.011; Server - T1583.004; Server - T1584.004; Software - T1592.002; Tool - T1588.002; Rundll32 - T1085 |
Common Information
Type | Value |
---|---|
UUID | 719d7c30-505f-4211-824d-614ac9563dcd |
Fingerprint | 3ffa8b505ece6f9f |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | May 13, 2023, 12:51 p.m. |
Added to db | May 13, 2023, 8:47 p.m. |
Last updated | Nov. 17, 2024, 6:55 p.m. |
Headline | Trojan installer |
Title | Trojan installer - Virus, Trojan, Spyware, and Malware Removal Help |
Detected Hints/Tags/Attributes | 61/3/215 |
Source URLs
Redirection | Url |
---|---|
Source | https://www.bleepingcomputer.com/forums/t/785347/trojan-installer/ |
URL Provider
RSS Feed
Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|
163 | ✔ | — | https://media.cert.europa.eu/rss?type=category&id=Malware&language=en&duplicates=false | 2024-08-30 22:08 |
Attributes