The file B2996061D8883E4B23174120AD873826.EXE is identified as a Trojan program used for stealing bank information and user passwords.
To delete B2996061D8883E4B23174120AD873826.EXE, we suggest using UnHackMe:
http://www.unhackme.com
Malware Analysis of C:\KOREAPATH\B2996061D8883E4B23174120AD873826.EXE
Full path on a computer: C:\KOREAPATH\B2996061D8883E4B23174120AD873826.exe
Detected by UnHackMe:
Item Name: jinyo
Author: Unknown
Related File: C:\KOREAPATH\B2996061D8883E4B23174120AD873826.EXE
Type: Explorer Run
Item Name: B2996061D8883E4B23174120AD873826.EXE
Author: Unknown
Related File: C:\KOREAPATH\B2996061D8883E4B23174120AD873826.EXE
Type: Multi AV Detected Files
Removal Results: Success
Number of reboot: 1
B2996061D8883E4B23174120AD873826.EXE is known as:
Trojan.XPACK.RDM.5.1
B2996061D8883E4B23174120AD873826.EXE hash:
- MD5: b2996061d8883e4b23174120ad873826
The file tries to connect to a dangerous website.
How to quickly detect the presence of B2996061D8883E4B23174120AD873826.EXE?
Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\jinyo: "C:\KOREAPATH\B2996061D8883E4B23174120AD873826.exe"
- HKLM\System\CurrentControlSet\Services\BITS\Start: 0x00000002
Folders:
- C:\KOREAPATH
Files:
- %Temp%\BIT1.tmp
- %SysDir%\drivers\etc\hosts.ics
- C:\KOREAPATH\B2996061D8883E4B23174120AD873826.exe