A forum for reverse engineering, OS internals and malware analysis 

Win32/Skeeyah (FakeChrome)

Forum for analysis and discussion about malware.

Win32/Skeeyah (FakeChrome)

 #31317  by Fedor22
 Sun Mar 04, 2018 3:44 pm
Fake Chrome (Trojan:Win32/Skeeyah.A!rfn)
Dropped in:
Code: Select all
C:\Users\*username*\AppData\Roaming\WebBrowser.exe
Changes the autorun value in:
Code: Select all
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
URL:
Code: Select all
xxxx://campinglesamis.com/wpscripts/Chrome%20Hijacker.exe
VT (55/67): https://www.virustotal.com/en/file/d569 ... /analysis/
Attachments
(396.79 KiB) Downloaded 34 times
 Return to “Malware”