NSF.EXE – KeyLogger Ardamax

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

NSF.EXE – KeyLogger Ardamax removal

FileMD5Virus Alias
NSF.EXE e6d58e0a4511695312f13d1b9f154187 KeyLogger Ardamax
NSF.EXE e6d58e0a4511695312f13d1b9f154187 Trojan SuspiciousFile
NSF.EXE e6d58e0a4511695312f13d1b9f154187 Trojan Generic
NSF.EXE e6d58e0a4511695312f13d1b9f154187 Trojan DNAScan

NSF.EXE size: 48640 bytes
NSF.EXE hash: E6D58E0A4511695312F13D1B9F154187

Created files:

C:\ProgramData\stppthmain\stppthmain.dll
%SysDir%\cfwin32.dll
%SysDir%\csrss32.dll
%SysDir%\csrss64.dll
%SysDir%\default2.sfx
%SysDir%\NoSafeMode.dll
%SysDir%\nsf.exe
%SysDir%\sdelete.dll
%SysDir%\svschost.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\NIaSvc\Type: 10000000
HKLM\System\CurrentControlSet\Services\NIaSvc\Start: 02000000
HKLM\System\CurrentControlSet\Services\NIaSvc\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\NIaSvc\DisplayName: Network Locatlon Awareness
HKLM\System\CurrentControlSet\Services\NIaSvc\ImagePath: %WinDir%\System32\svschost.exe

Detected by UnHackMe:

NSF.EXE
Default location: %SYSDIR%\NSF.EXE

Dropper information:
MD5: 77db77abd031b91ca4d00d3fc7f8e241
File size: 583261 bytes

Leave a Reply