QYWQUY.EXE – Backdoor Nitol

QYWQUY.EXE – Backdoor Nitol removal

File        MD5                               Virus Alias
QYWQUY.EXE  0be7dc69e5f1f45bc941aa48c270f1b4  Backdoor Nitol
QYWQUY.EXE  0be7dc69e5f1f45bc941aa48c270f1b4  Trojan SuspiciousFile
QYWQUY.EXE  0be7dc69e5f1f45bc941aa48c270f1b4  Trojan Artemis
QYWQUY.EXE  0be7dc69e5f1f45bc941aa48c270f1b4  Trojan Generic
QYWQUY.EXE  0be7dc69e5f1f45bc941aa48c270f1b4  Trojan Eldorado
QYWQUY.EXE  0be7dc69e5f1f45bc941aa48c270f1b4  Trojan Downloader

QYWQUY.EXE size: 49664 bytes
QYWQUY.EXE hash: 0BE7DC69E5F1F45BC941AA48C270F1B4

Created files:

%SysDir%\gei33.dll
%SysDir%\qywquy.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\netscvre\Type: 10000000
HKLM\System\CurrentControlSet\Services\netscvre\Start: 02000000
HKLM\System\CurrentControlSet\Services\netscvre\DisplayName: NT LM Security Support Providers
HKLM\System\CurrentControlSet\Services\netscvre\ImagePath: %WinDir%\System32\qywquy.exe
HKLM\System\CurrentControlSet\Services\netscvre\Description: NT LM Security Support Providers

Detected by UnHackMe:

QYWQUY.EXE
Default location: %SYSDIR%\QYWQUY.EXE

Dropper information:
MD5: 0be7dc69e5f1f45bc941aa48c270f1b4
File size: 49664 bytes
