How to remove NtQuerySystemInformationHook.dll

NtQuerySystemInformationHook.dll

The module NtQuerySystemInformationHook.dll has been detected as Trojan.Zpevdo

NtQuerySystemInformationHook.dll
Remove NtQuerySystemInforma

File Details

MD5: 09031a062610d77d685c9934318b4170
Size: 99 KB
First Published: 2021-03-16 21:27:04 (2 years ago)
Latest Published: 2023-11-29 23:08:23 (a day ago)
Status: Trojan.Zpevdo (on last analysis)
Analysis Date: 2023-11-29 23:08:23 (a day ago)

Common Places:

%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss
%temp%\csrss

Geography:

10.8%
5.9%
5.1%
4.4%
4.1%
3.8%
3.8%
3.8%
2.8%
2.8%
2.6%
2.6%
2.6%
2.6%
2.1%
1.8%
1.5%
1.5%
1.3%
1.3%
1.3%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.8%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%
0.3%

OS Version:

Windows 10 93.4%
Windows 7 4.1%
Windows 8.1 1.7%
Windows 8 0.5%
Windows Vista 0.2%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 64
Image Base: 0x0000000180000000
Entry Address: 0x00002f24

PE Sections:

Name Size of data MD5
.text 52736 8ef476021ae98bdd572155d56fbe9d61
.rdata 37376 d297d6687cf92cae6a9d049060a4ce34
.data 3072 4dd5825531bc2f27c0231ce551be5bb9
.pdata 4096 0b8d34d7926bc350c9c8e90a1335ca32
_RDATA 512 69ae770814f95ce038ffd844927e76cb
.rsrc 512 8a48e252156d2953f01762ba42c44c88
.reloc 2048 e774c0a1ea9f79486e620410ec0c706d

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for NtQuerySystemInformationHook.dll
copyright for information about NtQuerySystemInformationHook.dll