We checked some samples of ADROPEN.EXE and detected the file ADROPEN.EXE as a threat.
Remove the ADROPEN.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of ADROPEN.EXE
Full path on a computer: %SysDir%\adropen.exe
Detected by UnHackMe:
ADROPEN.EXE
Default location: %SysDir%\adropen.exe
Removal Results: Success
Number of reboots: 1
ADROPEN.EXE is known as:
Trojan.DownLoader6.60349, Trojan.A.Downloader.28672.AWB, a variant of Win32.TrojanDownloader.VB.PXY, W32.Genome.DDGR.tr.dldr
ADROPEN.EXE hash:
- MD5: e0b035f0d91bb00a83dccc8a5a278b4b
The file is used to download and install other malware, Trojans, and viruses on commands received from the Command Center.
How to quickly detect ADROPEN.EXE presence?
Registry:
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MainPro: “%SysDir%\adropen.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OpenApi: “%SysDir%\adropen.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PlaySys: “%SysDir%\ddsplay.exe”
Files:
- %Temp%\~DF33AC.tmp
- %Temp%\~DF37CD.tmp
- %Temp%\~DF59D8.tmp
- %Temp%\~DF59DE.tmp
- %Temp%\~DF59E3.tmp
- %Temp%\~DFE3E0.tmp
- %SysDir%\adropen.exe
- %SysDir%\ddsplay.exe
- %SysDir%\mdamand.exe