W32/Backdoor2.HUWM also known as Backdoor.Win32.Androm.eosr, W32/Backdoor.IMCL-1790, Trojan ( 0049d6c41 ).
Malware Analysis of W32/Backdoor2.HUWM – KBDHICDA.EXE
Created files:
%SysDir%\kbdhicda.exe
Autostart registry keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\loghsevt: “%SysDir%\kbdhicda.exe”
Detected by UnHackMe:
KBDHICDA.EXE
Default location: %SYSDIR%\KBDHICDA.EXE
Dropper hash(md5): b8334e86c36035ce58717334fab561d5