We checked some samples of WOWBOX.EXE and detected the file WOWBOX.EXE as a threat.
Remove the WOWBOX.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of WOWBOX.EXE
Full path on a computer: %Temp%\WoWBox.exe
Detected by UnHackMe:
WOWBOX.EXE
Default location: %Temp%\WoWBox.exe
Removal Results: Success
Number of reboots: 1
WOWBOX.EXE is known as:
Trojan.Artemis
WOWBOX.EXE hash:
- MD5: 7907677db9276189eddbd9f8e1132e7b
The file tries to connect to a dangerous web site.
How to quickly detect the presence of WOWBOX.EXE?
Registry:
- HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0200804\Ime File: “CHINASOUGOU.IME”
- HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0200804\Layout Text: “O?IA(O??u)”
- HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0200804\Layout File: “kbdus.dll”
Folders:
- %Appdata%\duowan
- %Appdata%\duowan\yy
- %Appdata%\duowan\yy\yypip
- %Appdata%\duowan\yy\yypip\download
- %Temp%\WoWBox
- %Temp%\WoWBox\BBS
- %Common Appdata%\WowBox
- %Common Appdata%\WowBox\C__DOCUME~1_ADMINI~1_LOCALS~1_Temp
Files:
- %Appdata%\Microsoft\Internet Explorer\UserData\AFON1NYV\wow.duowan[1].xml
- %Appdata%\Microsoft\Internet Explorer\UserData\DDOMM32H\jt.duowan[1].xml
- %Temp%\CE9A.dmp
- %Temp%\cfcc_appcompat.txt
- %Temp%\WoWBox\BBS\09c9b4fc3c9373646831d8f4bed7ae97.xml
- %Temp%\WoWBox\BBS\cf95289ad42bef676e74cea965ab5bba.xml
- %Temp%\WoWBox.exe
- %Common Appdata%\pipfactory.mod
- %SysDir%\dllcache\ksuser.dll
- %SysDir%\dllcache\midimap.dll
- %SysDir%\asianlan10.dll
- %SysDir%\chinasougou.ime
- %SysDir%\yuksuser.dll
- %SysDir%\yumidimap.dll