Spyware ( 0000b1001 )
Spyware ( 0000b1001 ) also known as TROJ_LYDRA.SMA, TrojanSpy.Lydra.kp.

Malware Analysis of Spyware ( 0000b1001 ) – WSERVICES.EXE

Created files:
%WinDir%\msrpc.exe
%WinDir%\regedit2.exe
%WinDir%\wservices.exe

Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\msrpc: “c:\windows\msrpc.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\wservices: “c:\windows\wservices.exe”
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\wservices: “c:\windows\wservices.exe”
HKLM\System\CurrentControlSet\Services\wservices\DisplayName: “Windows Font Cache”
HKLM\System\CurrentControlSet\Services\wservices\ImagePath: “c:\windows\wservices.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\wservices: “c:\windows\wservices.exe”
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\lsassv: “c:\windows\lsassv.exe”

Detected by UnHackMe: WSERVICES.EXE
Default location: %WinDir%\WSERVICES.EXE
Dropper hash(md5): c6b9e79b53195ade08d8ac7599797790

UnHackMe removes malware…