Worm AMN – syshost.exe – 41b0324d7733bf523e700e07df67bba7

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Worm AMN
Also known as: Trojan Androm, Trojan Downloader.Generic
SHA256: 067c2a725e688fe4f43743af4a7923ed1780c7b909c06c7e79732bd08caee3ff
SHA1: 04b5570ee6c1a57931acdc170ba2563ed6e4a5ea
MD5: 41b0324d7733bf523e700e07df67bba7
File size: 341504 bytes

Created files:

%WinDir%\Installer\{603D25C2-EF89-B64B-31AE-54FF115CB423}\syshost.exe – Worm AMN
%SysDir%\drivers\6b171f.sys – Worm AMN

Worm AMN created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\syshost32: %WinDir%\Installer\{603D25C2-EF89-B64B-31AE-54FF115CB423}\syshost.exe
HKLM\System\CurrentControlSet\Services\6b171f\Type: 01000000
HKLM\System\CurrentControlSet\Services\6b171f\Start: 01000000
HKLM\System\CurrentControlSet\Services\6b171f\DisplayName: syshost.exe
HKLM\System\CurrentControlSet\Services\6b171f\ImagePath: %WinDir%\System32\drivers\6b171f.sys
HKLM\System\CurrentControlSet\Services\syshost32\Type: 10000000
HKLM\System\CurrentControlSet\Services\syshost32\Start: 02000000
HKLM\System\CurrentControlSet\Services\syshost32\ImagePath: “%WinDir%\Installer\{603D25C2-EF89-B64B-31AE-54FF115CB423}\syshost.exe” /service

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images