The file DEADFAT.ACM is identified as a virus dropper.
The dropper DEADFAT.ACM is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
The file DEADFAT.ACM loads into the computer memory and tries to connect to the dangerous web site.
Usually the DEADFAT.ACM dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the DEADFAT.ACM process and delete the file DEADFAT.ACM.
Malware Analysis of DEADFAT.ACM
Full path on a computer: %SysDir%\deadfat.acm
Detected by UnHackMe:
DEADFAT.ACM
Default location: %SysDir%\deadfat.acm
Removal Results: Success
Number of reboot: 1
DEADFAT.ACM is known as:
Trojan.Agent.9728.OC, Troj.Undef.(kcloud), Trojan.S.RT-Agent.9728.B, Win-Trojan.Agent.9728.AJZ, a variant of Win32.Packed.VMProtect.AAN
DEADFAT.ACM hash:
- MD5: 9385c02568ab2af0cd7ac82b084f013e
How to quickly detect DEADFAT.ACM presence?
![]( "Registry")
Registry:
![]( "Files")
Files:
Registry:- HKLM\System\CurrentControlSet\Services\i80p1937\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
- HKLM\System\CurrentControlSet\Services\i80p1937\Type: 0×00000001
- HKLM\System\CurrentControlSet\Services\i80p1937\Start: 0×00000002
- HKLM\System\CurrentControlSet\Services\i80p1937\ErrorControl: 0×00000001
- HKLM\System\CurrentControlSet\Services\i80p1937\ImagePath: “\??\%SysDir%\deadfat.acm”
- HKLM\System\CurrentControlSet\Services\i80p1937\DisplayName: “i80p1937″
Files:- %SysDir%\deadfat.acm
- %SysDir%\ir4si.ax