Hesive.b
Hesive.b is a backdoor that provides the attacker with unauthorized remote access to the compromised PC. It allows the intruder to download, upload and run arbitrary files, execute computer commands, terminate running processes, modify computer configuration through the registry, and get computer and network information. Hesive.b injects malicious code into legitimate computer processes. It also uses a rootkit to hide all its files and registry entries. The backdoor runs as a service on every Windows startup.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | hms.exe |
| 2 | zykheptd.dll |
| 3 | zykheptd.sys |
Registry Modifications
- The following Registry Values were newly created:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (default) = rundll32.exe [filename]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZYKHEPTD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ykheptd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Parameters\ServiceDLL = %System%\zykheptd.dll
do98work