The file 6WF15QF16.EXE is a computer worm.
The worm 6WF15QF16.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the 6WF15QF16.EXE problem as soon as possible!
Delete the file 6WF15QF16.EXE from all infected computers in your network.
Set up your network firewall against 6WF15QF16.EXE intervention.
Malware Analysis of 6WF15QF16.EXE
Full path on a computer: C:\directory\CyberGate\6wf15qf16\6wf15qf16.exe
Detected by UnHackMe:
Item Name: Policies
Author: Unknown
Related File: C:\DIRECTORY\CYBERGATE\6WF15QF16\6WF15QF16.EXE
Type: Explorer Run
Item Name: {8B8H278V-8TY2-207X-S6F7-TK5Y18GW0VH2}
Author:
Current Setting: C:\DIRECTORY\CYBERGATE\6WF15QF16\6WF15QF16.EXE
Type: ActiveSetup
Removal Results: Success
Number of reboot: 1
6WF15QF16.EXE is known as:
Worm.Rebhip.A, BScope.Trojan.Agent, Trj.Thed.W, a variant of Win32.Packed.VMProtect.AAH, PE:Malware.XPACK.RDM.5.1, Luhe.Boxed.A
6WF15QF16.EXE hash:
- MD5: 7ac8ef8c17270348ce7acf505a71f57e
Registry:- HKLM\Software\Microsoft\Active Setup\Installed Components\{8B8H278V-8TY2-207X-S6F7-TK5Y18GW0VH2}\StubPath: “c:\directory\CyberGate\6wf15qf16\6wf15qf16.exe Restart”
- HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Policies: “c:\directory\CyberGate\6wf15qf16\6wf15qf16.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies: “c:\directory\CyberGate\6wf15qf16\6wf15qf16.exe”
Folders:- C:\directory
- C:\directory\CyberGate
- C:\directory\CyberGate\6wf15qf16
Files:- %Appdata%\Administratorv1.18.0 – Trial versionlog.dat
- %Temp%\Administrator7
- %Temp%\Administrator8
- C:\directory\CyberGate\6wf15qf16\6wf15qf16.exe