Trojan/Win32.Staser also known as a variant of Win32/Fusing.CF, Trojan.GenericKD.1761213 (B), Trojan.GenericKD.1761213.
Malware Analysis of Trojan/Win32.Staser – USYBTND.EXE
Created files:
%Program Files%\Windows NT\Usybtnd.exe
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\Wsmnnh oryqjhhn\ImagePath: “%Program Files%\Windows NT\Usybtnd.exe”
HKLM\System\CurrentControlSet\Services\Wsmnnh oryqjhhn\DisplayName: “Cwykqa yagasscc”
Detected by UnHackMe:
USYBTND.EXE
Default location: %PROGRAM FILES%\WINDOWS NT\USYBTND.EXE
Dropper hash(md5): ab5dab9b95b114dee0fb060dff5b9628