KSCAN.EXE – Backdoor Nitol

KSCAN.EXE – Backdoor Nitol removal

| File | MD5 | Virus Alias |
|---|---|---|
| KSCAN.EXE | 15c1ffb1923d637058b04fe6536a25a8 | Backdoor Nitol |
| KSCAN.EXE | 15c1ffb1923d637058b04fe6536a25a8 | Trojan SuspiciousFile |
| KSCAN.EXE | 15c1ffb1923d637058b04fe6536a25a8 | Trojan Artemis |
| KSCAN.EXE | 15c1ffb1923d637058b04fe6536a25a8 | Trojan Eldorado |
| KSCAN.EXE | 15c1ffb1923d637058b04fe6536a25a8 | Trojan Graftor |
| KSCAN.EXE | 15c1ffb1923d637058b04fe6536a25a8 | Trojan Magania |

KSCAN.EXE size: 218968 bytes
KSCAN.EXE hash: 15C1FFB1923D637058B04FE6536A25A8

Created files:

%SysDir%\Black.dll
%SysDir%\Drivers\diskflt.sys
%SysDir%\kscan.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run : %WinDir%\System32\kscan.exe
HKLM\System\CurrentControlSet\Services\diskflt\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\diskflt\Type: 01000000
HKLM\System\CurrentControlSet\Services\diskflt\Tag: 0A000000
HKLM\System\CurrentControlSet\Services\Nationaljqn\Type: 10010000
HKLM\System\CurrentControlSet\Services\Nationaljqn\Start: 02000000
HKLM\System\CurrentControlSet\Services\Nationaljqn\DisplayName: Nationallgp Instruments Domain Service
HKLM\System\CurrentControlSet\Services\Nationaljqn\ImagePath: %WinDir%\System32\kscan.exe
HKLM\System\CurrentControlSet\Services\Nationaljqn\Description: Providesjlm a domain server for NI security.

Detected by UnHackMe:

KSCAN.EXE
Default location: %SYSDIR%\KSCAN.EXE

Dropper information:
MD5: 15c1ffb1923d637058b04fe6536a25a8
File size: 218968 bytes
