We checked the file RDMOUW.EXE and found it hazardous.
The file RDMOUW.EXE must be deleted from the system immediately.
Kill the process RDMOUW.EXE and remove RDMOUW.EXE from the Windows startup.
Malware Analysis of RDMOUW.EXE
Full path on a computer: %Local Appdata%\rdmouw.exe
Detected by UnHackMe:
RDMOUW.EXE
Default location: %Local Appdata%\rdmouw.exe
Removal Results: Success
Number of reboots: 1
RDMOUW.EXE is known as:
Trojan.Dapato.bcslde, Trojan-Downloader.Dapato.nqt, TR.Spy.Banker.4229120, TrojanDownloader.Dapato.cag, Troj.Undef.(kcloud), Downloader.Dapato, a variant of Win32.Spy.Banker.YSX, Trojan.Balisdat, W32.Dapato.NQT.tr.dldr
RDMOUW.EXE hash:
- MD5: bebc150d3c4e5ace6bece80248bac2b8
The file is used to download and install other malware, Trojans and viruses on commands received from the Command Center.
How to quickly detect the presence of RDMOUW.EXE?
Registry:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\rdmouw: “%Local Appdata%\rdmouw.exe”
Files:
- %Local Appdata%\0WBWEWW98808A7w.txt
- %Local Appdata%\less.exe
- %Local Appdata%\libmysql.dll
- %Local Appdata%\new.txt
- %Local Appdata%\rdmouw.exe
- %Local Appdata%\sql.txt