Channel: How to Remove Malware

OXYTYTMFSDDNDFAFE.EXE is Backdoor Poison

The program OXYTYTMFSDDNDFAFE.EXE is used to covertly gain access to a PC and administer it remotely.
UnHackMe is recommended as a reliable program for solving the problem with OXYTYTMFSDDNDFAFE.EXE.
Download for free: http://www.unhackme.com

Malware Analysis of OXYTYTMFSDDNDFAFE.EXE
Full path on a computer: C:\gwregsrffewgttzfdxadhds\oxytytmfsddndfafe.exe

Detected by UnHackMe:

Item Name: {VYBH6MT4-1L4T-45F8-V607-G5V84AOQCR00}
Author: Unknown
Related File: C:\GWREGSRFFEWGTTZFDXADHDS\OXYTYTMFSDDNDFAFE.EXE
Type: ActiveSetup

Item Name: *175072261
Author: Unknown
Related File: %WinDir%\175072261\BCU.EXE
Type: Registry RunOnce

Item Name: config.exe
Author: Unknown
Related File: %STARTUP%\CONFIG.EXE
Type: Startup Folder

Item Name: BCU.EXE
Author: Unknown
Related File: %WinDir%\175072261\BCU.EXE
Type: Multi AV Detected Files

Item Name: CONFIG.EXE
Author: Unknown
Related File: %STARTUP%\CONFIG.EXE
Type: Multi AV Detected Files

Item Name: CTFMON.EXE
Author: Unknown
Related File: %PROFILE%\CTFMON.EXE
Type: Multi AV Detected Files

Item Name: OXYTYTMFSDDNDFAFE.EXE
Author: Unknown
Related File: C:\GWREGSRFFEWGTTZFDXADHDS\OXYTYTMFSDDNDFAFE.EXE
Type: Multi AV Detected Files

Item Name: oxytytmfsddndfafe.exe
Author: Unknown
Related File: C:\GWREGSRFFEWGTTZFDXADHDS\OXYTYTMFSDDNDFAFE.EXE
Type: Running Processes

Detected by UnHackMe after the first reboot:

Item Name: *175072261
Author: Unknown
Related File: %WinDir%\175072261\BCU.EXE
Type: Registry RunOnce

Removal Results: Success
Number of reboots: 2

OXYTYTMFSDDNDFAFE.EXE is known as:

Backdoor.Poison, Backdoor.Poison.gawx, Trojan.Poison.cfhwrk, Backdoor.Poison (A), Backdoor:W32.Poison.CF, HLLW.SpyNet.113, TR.Llac.lkd.8, Troj.Autoit-XC, Worm.Rebhip.A, W32.GenBl.4A093BC9.Olympus, Trojan.Spatet, Win32.Spatet.T, W32.Poison.GAWX.tr.bdr

OXYTYTMFSDDNDFAFE.EXE hash:

  • MD5: 4a093bc94a82a37091cb3c70abe8cc5d

The file tries to download information from some web sites.

How to quickly detect OXYTYTMFSDDNDFAFE.EXE presence?

Registry:
  • HKLM\Software\Microsoft\Active Setup\Installed Components\{VYBH6MT4-1L4T-45F8-V607-G5V84AOQCR00}\StubPath: "C:\gwregsrffewgttzfdxadhds\oxytytmfsddndfafe.exe"
  • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\*175072261: ""%WinDir%\175072261\BCU.exe""
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\*175072261: ""%WinDir%\175072261\BCU.exe""

Folders:
  • %Appdata%\711
  • %WinDir%\175072261
  • C:\gwregsrffewgttzfdxadhds

Files:
  • %Temp%\Administrator7
  • %Temp%\Administrator8
  • %Temp%\al.txt
  • %Temp%\f.txt
  • %Temp%\stubdata.txt
  • %Startup%\config.exe
  • %Profile%\ctfmon.exe
  • %WinDir%\175072261\BCU.exe
  • C:\gwregsrffewgttzfdxadhds\oxytytmfsddndfafe.exe
