We checked the file STICKYNOTES.EXE and found it hazardous.
The file STICKYNOTES.EXE must be deleted from the system immediately.
Kill the process STICKYNOTES.EXE and remove STICKYNOTES.EXE from the Windows startup.
Malware Analysis of STICKYNOTES.EXE
Full path on a computer: %Temp%\StickyNotes.exe
Detected by UnHackMe:
STICKYNOTES.EXE
Default location: %Temp%\StickyNotes.exe
Removal Results: Success
Number of reboots: 1
STICKYNOTES.EXE is known as:
Trojan.Agent.UKN, Trojan.Agent.afjcw, Trojan.Agent, W32.Agent.AFJCW.tr, Win32.DH{XSUgIg8D}, Trojan.Agent.AZ
STICKYNOTES.EXE hash:
- MD5: eaff193c8066e545934f4ed101456fce
The file tries to download information from some web sites.
How to quickly detect STICKYNOTES.EXE presence?
Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0: "rundll32.exe %SysDir%\advpack.dll,DelNodeRunDLL32 "%Temp%\IXP000.TMP\""
- HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Windows: "%Temp%\StickyNotes.exe"
Folders:
- %Local Appdata%\Adobe
- %Local Appdata%\Adobe\AIH.63464bb6c5bf048a43f26e726b4f9ba26b11edf7
- %Temp%\IXP000.TMP
Files:
- %Appdata%\Microsoft\CryptnetUrlCache\Content\398EE64D66758B5715368AA94044B13A
- %Appdata%\Microsoft\CryptnetUrlCache\MetaData\398EE64D66758B5715368AA94044B13A
- %Local Appdata%\Adobe\AIH.63464bb6c5bf048a43f26e726b4f9ba26b11edf7\downloader.bundle
- %Local Appdata%\Adobe\AIH.63464bb6c5bf048a43f26e726b4f9ba26b11edf7\downloader.dll
- %Local Appdata%\Adobe\AIH.63464bb6c5bf048a43f26e726b4f9ba26b11edf7\launcher.bundle
- %Local Appdata%\Adobe\AIH.63464bb6c5bf048a43f26e726b4f9ba26b11edf7\launcher.dll
- %Temp%\119H43CAFF43434.txt
- %Temp%\1AA1F54BCb343e5bfdabc054ab45d67.tmp
- %Temp%\220AD332F8799A1.txt
- %Temp%\HaSc.txt
- %Temp%\HaSc.zip
- %Temp%\INSTAL~2.exe
- %Temp%\IXP000.TMP\STICKY~1.EXE
- %Temp%\StickyNotes.exe
- %Temp%\token.txt