Trojan Zbot – syshost.exe – 258900b115054c8c4decd1833aef8432

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Trojan Zbot
Also known as: Trojan Agent, Trojan Kryptik
SHA256: 9fcba29f3286203fe9426ee1e71f749ef2e13c88b4d43578fb32808df9773f8a
SHA1: c6d0a5443a49e7a9d96c1f914fa02a3f03e13cf6
MD5: 258900b115054c8c4decd1833aef8432
File size: 338944 bytes

Created files:

%WinDir%\Installer\{9C191FAB-CDF2-218F-BD79-0AF49D584EC1}\syshost.exe – Trojan Zbot
%SysDir%\drivers\c8423.sys – Trojan Zbot

Trojan Zbot created autostart registry keys:

HKLM\System\CurrentControlSet\Services\c8423\Type: 01000000
HKLM\System\CurrentControlSet\Services\c8423\Start: 01000000
HKLM\System\CurrentControlSet\Services\c8423\DisplayName: syshost.exe
HKLM\System\CurrentControlSet\Services\c8423\ImagePath: %WinDir%\System32\drivers\c8423.sys
HKLM\System\CurrentControlSet\Services\syshost32\Type: 10000000
HKLM\System\CurrentControlSet\Services\syshost32\Start: 02000000
HKLM\System\CurrentControlSet\Services\syshost32\ImagePath: “%WinDir%\Installer\{9C191FAB-CDF2-218F-BD79-0AF49D584EC1}\syshost.exe” /service
HKLM\System\CurrentControlSet\Services\syshost32\a9ae6b17c5a5d8d6: D6FAB61A88E2532F
HKLM\System\CurrentControlSet\Services\syshost32\7407fdfc5e97ab48: 2375CDA84878C8F88351BC50
HKLM\System\CurrentControlSet\Services\syshost32\ee57f03d4932cff6: F6DAD6FAA80D7B32

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images