We checked up the file B12PR100.EXE and found it hazardous.
The file B12PR100.EXE must be deleted from the system immediately.
Kill the process B12PR100.EXE and remove B12PR100.EXE from the Windows startup.
Malware Analysis of B12PR100.EXE
Full path on a computer: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe
Detected by UnHackMe:
B12PR100.EXE
Default location: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe
Removal Results: Success
Number of reboot: 1
B12PR100.EXE is known as:
Trojan.Gurl, Worm.Net-Kolab.68231, Trojan.Agent.Gen-Undef, Troj.Agent-AAXV, TrojWare.Injector.BGJ, BackDoor.Gurl.2, Trojan.Agent.aaxv (v), Backdoor.Azbreg.bqi, Worm[Net].Kolab, Troj.Undef.(kcloud), Trojan.Lethic.B, Trojan.HmBlocker, W32.Trojan.WLUI-7811, BScope.Backdoor.IRCBot.2122, Trj.Zbot.M, Win32.Lethic.AA, Trojan.Ircbrute, W32.Injector.AEJX.tr
B12PR100.EXE hash:
- MD5: 688697bba73d06f713691b4ae3d85939
How to quickly detect B12PR100.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\b1e1pr00: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe”
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe”
Folders:- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146
Files:- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\Desktop.ini