
Mal/Emogen-B

Posted: May 30, 2011

Mal/Emogen-B is a hazardous trojan infection that steals personal data gathered on an affected computer and sends the collected information to remote servers. Mal/Emogen-B allows hackers to gain remote access to a compromised computer system and then execute many operations there. Mal/Emogen-B is able to download other malware threats from the web to the infected computer without the victim's consent. Mal/Emogen-B will infect files and programs, steal a user's private details, change system settings or drop backdoors onto the PC system. Mal/Emogen-B should be removed as quickly as possible once detected on a computer system.

File System Modifications

  • The following files were created in the system:
    1. %System%\jx.exe
    2. %System%\SENDED_LOG.LOG
    3. %System%\version.bin
    4. %Temp%\ddd1.exe
    5. %Temp%\decrypted.exe
    6. c:\cab10.log
    7. c:\safe36.exe

Registry Modifications

  • The following Registry entries were newly created:
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EC30204-384D-11D3-9CA3-00A024F0AF03}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EC30204-384D-11D3-9CA3-00A024F0AF03}\Control
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EC30204-384D-11D3-9CA3-00A024F0AF03}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EC30204-384D-11D3-9CA3-00A024F0AF03}\Insertable
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EC30204-384D-11D3-9CA3-00A024F0AF03}\MiscStatus
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EC30204-384D-11D3-9CA3-00A024F0AF03}\MiscStatus\1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EC30204-384D-11D3-9CA3-00A024F0AF03}\ProgID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EC30204-384D-11D3-9CA3-00A024F0AF03}\Programmable
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EC30204-384D-11D3-9CA3-00A024F0AF03}\ToolboxBitmap32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EC30204-384D-11D3-9CA3-00A024F0AF03}\TypeLib
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EC30204-384D-11D3-9CA3-00A024F0AF03}\Version
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9EC30204-384D-11D3-9CA3-00A024F0AF03}\VersionIndependentProgID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CertifWin.ValidaUsuario
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CertifWin.ValidaUsuario.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CertifWin.ValidaUsuario.1\CLSID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CertifWin.ValidaUsuario\CLSID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CertifWin.ValidaUsuario\CurVer
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{59EAE925-6127-11D3-9CA9-00A024F0AF03}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{59EAE925-6127-11D3-9CA9-00A024F0AF03}\ProxyStubClsid
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{59EAE925-6127-11D3-9CA9-00A024F0AF03}\ProxyStubClsid32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{59EAE925-6127-11D3-9CA9-00A024F0AF03}\TypeLib
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9EC30203-384D-11D3-9CA3-00A024F0AF03}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9EC30203-384D-11D3-9CA3-00A024F0AF03}\ProxyStubClsid
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9EC30203-384D-11D3-9CA3-00A024F0AF03}\ProxyStubClsid32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9EC30203-384D-11D3-9CA3-00A024F0AF03}\TypeLib
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EC301F7-384D-11D3-9CA3-00A024F0AF03}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EC301F7-384D-11D3-9CA3-00A024F0AF03}\1.0
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EC301F7-384D-11D3-9CA3-00A024F0AF03}\1.0\0
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EC301F7-384D-11D3-9CA3-00A024F0AF03}\1.0\0\win32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EC301F7-384D-11D3-9CA3-00A024F0AF03}\1.0\FLAGS
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EC301F7-384D-11D3-9CA3-00A024F0AF03}\1.0\HELPDIR
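As an added, read-only triage check that is not part of the original page, the following PowerShell script tests a Windows host for the files and registry keys listed above and, if the COM class is registered, reports which DLL its InprocServer32 entry loads. Mapping %System% to $env:SystemRoot\System32 and %Temp% to the current user's $env:TEMP is an assumption about how the sample was run.

```powershell
# Added host-triage check for the Mal/Emogen-B artifacts listed on this page.
# Read-only: it reports findings and deletes nothing.
# Assumption: %System% = $env:SystemRoot\System32, %Temp% = $env:TEMP.
$system = Join-Path $env:SystemRoot 'System32'
$files = @(
    (Join-Path $system 'jx.exe'),
    (Join-Path $system 'SENDED_LOG.LOG'),
    (Join-Path $system 'version.bin'),
    (Join-Path $env:TEMP 'ddd1.exe'),
    (Join-Path $env:TEMP 'decrypted.exe'),
    'C:\cab10.log',
    'C:\safe36.exe'
)
$clsid = '{9EC30204-384D-11D3-9CA3-00A024F0AF03}'
$regKeys = @(
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    'HKLM:\SOFTWARE\Classes\CertifWin.ValidaUsuario',
    'HKLM:\SOFTWARE\Classes\CertifWin.ValidaUsuario.1',
    'HKLM:\SOFTWARE\Classes\Interface\{59EAE925-6127-11D3-9CA9-00A024F0AF03}',
    'HKLM:\SOFTWARE\Classes\Interface\{9EC30203-384D-11D3-9CA3-00A024F0AF03}',
    'HKLM:\SOFTWARE\Classes\TypeLib\{9EC301F7-384D-11D3-9CA3-00A024F0AF03}'
)

$hits = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        # Record size and SHA-256 so the finding can be matched against other reports.
        $item = Get-Item -LiteralPath $f
        $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        $hits += [pscustomobject]@{ Type = 'File'; Path = $f; Detail = "$($item.Length) bytes, SHA256 $hash" }
    }
}
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) {
        $hits += [pscustomobject]@{ Type = 'Registry'; Path = $k; Detail = 'key present' }
    }
}
# A registered CLSID is only interesting for what it loads: the InprocServer32
# default value names the DLL, which is the lead to follow during response.
$inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
if (Test-Path -LiteralPath $inproc) {
    $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)'
    $hits += [pscustomobject]@{ Type = 'COM server'; Path = $inproc; Detail = "InprocServer32 -> $dll" }
}
if ($hits.Count -eq 0) { 'None of the Mal/Emogen-B artifacts listed above were found.' }
else { $hits | Format-Table -AutoSize }
```

On 64-bit Windows a 32-bit COM registration is also visible under HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID, so a complete check should test both registry views.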