QYNGCY.DLL – Backdoor PcClien

QYNGCY.DLL – Backdoor PcClien removal

File        MD5                               Virus Alias
QYNGCY.DLL  022a316017a82061a4c5c0dd96788876  Backdoor PcClien
QYNGCY.DLL  022a316017a82061a4c5c0dd96788876  Trojan Eldorado
QYNGCY.DLL  022a316017a82061a4c5c0dd96788876  Trojan Downloader
QYNGCY.DLL  022a316017a82061a4c5c0dd96788876  Trojan Crypt

QYNGCY.DLL size: 88576 bytes
QYNGCY.DLL hash: 022A316017A82061A4C5C0DD96788876

Created files:

%SysDir%\00048707.sys
%SysDir%\qyngcy.dll
%SysDir%\qyngcy.sco

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\xmkhmu\Type: 10010000
HKLM\System\CurrentControlSet\Services\xmkhmu\Start: 02000000
HKLM\System\CurrentControlSet\Services\xmkhmu\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\xmkhmu\DisplayName: xmkhmu
HKLM\System\CurrentControlSet\Services\xmkhmu\ImagePath: %WinDir%\System32\svchost.exe -k xmkhmu
HKLM\System\CurrentControlSet\Services\xmkhmu\Description: Microsoft .NET Framework TPM
HKLM\System\CurrentControlSet\Services\xmkhmu\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C00710079006E006700630079002E0064006C006C000000

Detected by UnHackMe:

QYNGCY.DLL
Default location: %SYSDIR%\QYNGCY.DLL

Dropper information:
MD5: 413c0714e200da311f2a93a814b43d61
File size: 71306 bytes
