How to remove wvhdqsgr64.sys
- File Details
- Overview
- Analysis
wvhdqsgr64.sys
The module wvhdqsgr64.sys has been detected as Trojan.Agent
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
6e4cea0a8774d6093230ef0e49306635 |
| Size: |
55 KB |
| First Published: |
2017-10-25 10:08:53 (7 years ago) |
| Latest Published: |
2019-09-13 13:58:08 (5 years ago) |
| Status: |
Trojan.Agent (on last analysis) |
|
| Analysis Date: |
2019-09-13 13:58:08 (5 years ago) |
Overview
| %sysdrive%\windows.old\users\gyhu7\appdata\local\microsoft\windows\system32 |
| %localappdata%\microsoft\windows\system32 |
| %sysdrive%\windows.old\users\omar\appdata\local\microsoft\windows |
| Windows 10 |
66.7% |
|
| Windows 7 |
33.3% |
|
Analysis
| Subsystem: |
Native |
| PE Type: |
pe |
| OS Bitness: |
64 |
| Image Base: |
0x0000000140000000 |
| Entry Address: |
0x0000c000 |
| Name |
Size of data |
MD5 |
| .text |
24064 |
1510f27004bae148e574326d32fa4274 |
| .rdata |
4096 |
4fa284515db94bf86397ffb20c22b834 |
| .data |
1024 |
caf1def358ceb0465a9146dbff579ddf |
| .pdata |
1536 |
a30e45c21882372516e1da5c98b30b27 |
| .gfids |
512 |
64d1f04ee674327483852f238bb2c4a5 |
| PAGE |
1024 |
821a74f8633b280db6b435c0b684499e |
| INIT |
3072 |
373a7b2aabf4eeffbfa51e8c8b6f0ff2 |
| .rsrc |
1024 |
6d7eb068e44c3a7eae80e0bf0b2978cf |
| .reloc |
512 |
318975f9c85e40aca40f44650633b38b |
