We checked up the file 1NE331.EXE and found it hazardous.
The file 1NE331.EXE must be deleted from the system immediately.
Kill the process 1NE331.EXE and remove 1NE331.EXE from the Windows startup.
Malware Analysis of 1NE331.EXE
Full path on a computer: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe
Detected by UnHackMe:
1NE331.EXE
Default location: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe
Removal Results: Success
Number of reboot: 1
1NE331.EXE is known as:
Trojan.Azbreg, Win32.Lethic.SAVKCHD, Backdoor.Azbreg.xzx, Backdoor.Azbreg.dWpI48Mb5+8, Worm.S.Gamarue.84480, TrojWare.Kryptik.BSND, HLLW.Autoruner1.40792, Worm.Dorkbot.b (v), TR.Injector.86016.47, Troj.Lethic-W, Trojan[Backdoor].Azbreg, Trojan.Lethic.B, Trojan.Agent.Gen, Worm.Gamarue, W32.Trojan.IGSY-4119, Trojan-Dropper.17109, Backdoor.Azbreg.aqb, Win32.Lethic.AA, Backdoor.Azbreg, W32.Azbreg.XZX.tr.bdr, Win32.Cryptor, Trj.OCJ.D, Win32.Backdoor.c78
1NE331.EXE hash:
- MD5: 826c0a99eea62f6a9c67ea7144a20285
Registry:- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\1ne331: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe”
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe”
Folders:- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196
Files:- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\1ne331.exe
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10967196\Desktop.ini