PE:Malware.RDM.39!5.2D [F]


Malware Analysis of PE:Malware.RDM.39!5.2D [F] – SPIRV-REMAP.EXE

Created files:

C:\VulkanSDK\1.0.5.0\Bin32\spirv-as.exe
C:\VulkanSDK\1.0.5.0\Bin32\spirv-dis.exe
C:\VulkanSDK\1.0.5.0\Bin32\spirv-remap.exe
C:\VulkanSDK\1.0.5.0\Bin32\tri-frag.spv
C:\VulkanSDK\1.0.5.0\Bin32\tri-vert.spv

Autostart registry keys:

HKLM\Software\Classes\Applications\renderdocui.exe\shell\open\command\: ""%Program Files%\RenderDoc\renderdocui.exe" "%1""
HKLM\Software\Classes\Applications\renderdocui.exe\SupportedTypes\.dds: ""
HKLM\Software\Classes\Applications\renderdocui.exe\SupportedTypes\.hdr: ""
HKLM\Software\Classes\Applications\renderdocui.exe\SupportedTypes\.jpg: ""
HKLM\Software\Classes\Applications\renderdocui.exe\SupportedTypes\.jpeg: ""
HKLM\Software\Classes\Applications\renderdocui.exe\SupportedTypes\.png: ""
HKLM\Software\Classes\Applications\renderdocui.exe\SupportedTypes\.exr: ""
HKLM\Software\Classes\Applications\renderdocui.exe\SupportedTypes\.tga: ""
HKLM\Software\Classes\Applications\renderdocui.exe\SupportedTypes\.bmp: ""
HKLM\Software\Classes\Applications\renderdocui.exe\SupportedTypes\.gif: ""
HKLM\Software\Classes\Applications\renderdocui.exe\SupportedTypes\.psd: ""
HKLM\Software\Classes\CLSID\{5D6BF029-A6BA-417A-8523-120492B1DCE3}\InprocServer32\: "%Program Files%\RenderDoc\renderdoc.dll"
HKLM\Software\Classes\RenderDoc.RDCCapture.1\shell\open\command\: ""%Program Files%\RenderDoc\renderdocui.exe" "%1""
HKLM\Software\Classes\RenderDoc.RDCSettings.1\shell\open\command\: ""%Program Files%\RenderDoc\renderdocui.exe" "%1""
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1659004503-1708537768-1801674531-500\Components\60FA65F138E3E7D4582AA603A955FFF4\0607D716E1176364A9C7D5C27EDBFA48: "02:\Software\Classes\Applications\renderdocui.exe\shell\open\command\"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1659004503-1708537768-1801674531-500\Products\0607D716E1176364A9C7D5C27EDBFA48\InstallProperties\UninstallString: "MsiExec.exe /I{617D7060-711E-4636-9A7C-5D2CE7BDAF84}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1659004503-1708537768-1801674531-500\Products\0607D716E1176364A9C7D5C27EDBFA48\InstallProperties\DisplayName: "RenderDoc"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VulkanSDK1.0.5.0\DisplayName: "VulkanSDK 1.0.5.0"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\VulkanSDK1.0.5.0\UninstallString: ""C:\VulkanSDK\1.0.5.0\Uninstall.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{617D7060-711E-4636-9A7C-5D2CE7BDAF84}\UninstallString: "MsiExec.exe /I{617D7060-711E-4636-9A7C-5D2CE7BDAF84}"
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{617D7060-711E-4636-9A7C-5D2CE7BDAF84}\DisplayName: "RenderDoc"

Detected by UnHackMe:

SPIRV-REMAP.EXE
Default location: C:\VULKANSDK\1.0.5.0\BIN32\SPIRV-REMAP.EXE

Dropper hash (MD5): fa55b2a5a9be12b7c20112abaa426f3e

Written by Malware Hunter.
