How to remove NtQuerySystemInformationHook.dll

NtQuerySystemInformationHook.dll

The module NtQuerySystemInformationHook.dll has been detected as Trojan.Zpevdo

NtQuerySystemInformationHook.dll
Remove NtQuerySystemInforma

File Details

MD5: 09031a062610d77d685c9934318b4170
Size: 99 KB
First Published: 2021-03-16 21:27:04 (4 years ago)
Latest Published: 2024-11-18 23:01:51 (8 months ago)
Status: Trojan.Zpevdo (on last analysis)
Analysis Date: 2024-11-18 23:01:51 (8 months ago)

Common Places:

%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss

Geography:

10.3%
6.4%
4.9%
4.9%
3.9%
3.7%
3.5%
3.5%
3.3%
3.3%
2.9%
2.7%
2.5%
2.5%
2.1%
1.6%
1.6%
1.4%
1.2%
1.2%
1.2%
1.2%
1.2%
1.0%
1.0%
1.0%
1.0%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.6%
0.6%
0.6%
0.6%
0.6%
0.6%
0.6%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.4%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%

OS Version:

Windows 10 92.3%
Windows 7 5.0%
Windows 8.1 2.0%
Windows 8 0.6%
Windows Vista 0.2%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 64
Image Base: 0x0000000180000000
Entry Address: 0x00002f24

PE Sections:

Name Size of data MD5
.text 52736 8ef476021ae98bdd572155d56fbe9d61
.rdata 37376 d297d6687cf92cae6a9d049060a4ce34
.data 3072 4dd5825531bc2f27c0231ce551be5bb9
.pdata 4096 0b8d34d7926bc350c9c8e90a1335ca32
_RDATA 512 69ae770814f95ce038ffd844927e76cb
.rsrc 512 8a48e252156d2953f01762ba42c44c88
.reloc 2048 e774c0a1ea9f79486e620410ec0c706d

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for NtQuerySystemInformationHook.dll
copyright for information about NtQuerySystemInformationHook.dll