CmjSpy (d)
Copyright © MegaSecurity
By cmjboy
Information
From | China |
Author | cmjboy |
Family | CmjSpy |
Category | Remote Access |
Version | CmjSpy (d) |
Language | Delphi, compressed with UPX |
Additional Information
Servers:
c:\WINDOWS\SYSTEM\Rundll32 .exe
c:\WINDOWS\scanregw .exe
c:\WINDOWS\taskmon .exe
size: 685.568 bytes
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "LoadPowerProfile"
Old data: Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
New data: "Rundll32 .exe" powrprof.dll,LoadCurrentPwrScheme
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ScanRegistry"
Old data: C:\WINDOWS\scanregw.exe /autorun
New data: "C:\WINDOWS\scanregw .exe" /autorun
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Taakcontrole"
Old data: C:\WINDOWS\taskmon.exe
New data: "C:\WINDOWS\taskmon .exe"
added:
c:\WINDOWS\scanregw .exe
c:\WINDOWS\taskmon .exe
c:\WINDOWS\SYSTEM\BACKDOOR.CMJSPY.D.exe
c:\WINDOWS\SYSTEM\Internet .exe
c:\WINDOWS\SYSTEM\ppx.txt
c:\WINDOWS\SYSTEM\Rundll32 .exe
c:\WINDOWS\SYSTEM\Rundll32 .exe
c:\WINDOWS\TEMP\IO.dll
c:\WINDOWS\TEMP\p2x560.dll
c:\WINDOWS\TEMP\Socket.dll
c:\WINDOWS\SYSTEM\tdllcope.vxd