Trojan.Staser.Win32.931 also known as Trojan.GenericKD.1761213, Trojan.GenericKD.1761213 (B), Trojan.Agent.QQGen.
Malware Analysis of Trojan.Staser.Win32.931 – USYBTND.EXE
Created files:
%Program Files%\Windows NT\Usybtnd.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\Wsmnnh oryqjhhn\ImagePath: “%Program Files%\Windows NT\Usybtnd.exe”
HKLM\System\CurrentControlSet\Services\Wsmnnh oryqjhhn\DisplayName: “Cwykqa yagasscc”
Detected by UnHackMe:
USYBTND.EXE
Default location: %PROGRAM FILES%\WINDOWS NT\USYBTND.EXE
Dropper hash(md5): ab5dab9b95b114dee0fb060dff5b9628