PH9YA.EXE – Trojan Agent

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

PH9YA.EXE – Trojan Agent removal

FileMD5Virus Alias
PH9YA.EXE 7e11c694aaf5ba92d6cc88267ed13c71 Trojan Agent
PH9YA.EXE 7e11c694aaf5ba92d6cc88267ed13c71 Trojan Eldorado
PH9YA.EXE 7e11c694aaf5ba92d6cc88267ed13c71 Trojan Downloader
PH9YA.EXE 7e11c694aaf5ba92d6cc88267ed13c71 Trojan CI
PH9YA.EXE 7e11c694aaf5ba92d6cc88267ed13c71 Trojan Siggen
PH9YA.EXE 7e11c694aaf5ba92d6cc88267ed13c71 Trojan Small

PH9YA.EXE size: 28672 bytes
PH9YA.EXE hash: 7E11C694AAF5BA92D6CC88267ED13C71

Created files:

%Program Files%\PH9YA.exe
%Program Files%\QX73WN8\E12ADJZ0.exe
%WinDir%\OXK2ZF52I44B.exe
D:\cert\VBoxCertUtil.exe
D:\VBoxWindowsAdditions-x86.exe
D:\VBoxWindowsAdditions.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\PLW4L\Type: 10010000
HKLM\System\CurrentControlSet\Services\PLW4L\Start: 02000000
HKLM\System\CurrentControlSet\Services\PLW4L\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\PLW4L\DisplayName: PLW4L
HKLM\System\CurrentControlSet\Services\PLW4L\ImagePath: %WinDir%\OXK2ZF52I44B.exe -4I9T8W63KYX1

Detected by UnHackMe:

PH9YA.EXE
Default location: %PROGRAM FILES%\PH9YA.EXE

Dropper information:
MD5: 1d83db28a6c9c8dd866d66369844b697
File size: 73728 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images