Trojan.Pykspa.A

By CagedTech in Trojans

Threat Scorecard

Popularity Rank:	14,465
Threat Level:	80 % (High)
Infected Computers:	546

First Seen:	April 25, 2017
Last Seen:	January 19, 2026
OS(es) Affected:	Windows

Table of Contents

Analysis Report

General information

Family Name:	Trojan.Pykspa.A
Signature status:	No Signature

Known Samples

MD5: a0e9ea6aa593d36f230428aa058f8ecb

SHA1: 9994a705697baa9c2d1b19c03be4b223a17ee4ff

File Size: 700.42 KB, 700416 bytes

MD5: 5237d4fc1dc403953f010de560eca6fe

SHA1: 6470f6e241779bcf9c286717abb1c2b028acac70

SHA256: 45ECE8278A1940A01DFD338CCB39B6F0CC179B37D8BF20AE1C5844F74AA732AB

File Size: 688.13 KB, 688128 bytes

MD5: 3cf2228970d1095b907f04e098063d92

SHA1: 9f84fa9f93a502be52101ae41f9a19a02e7c7785

SHA256: 1D9B810D07B0DA551D1F5B63315F0C728E8CB2E996DB066BB2EAFBE804E352CD

File Size: 712.70 KB, 712704 bytes

MD5: d460249a32b00ef6643571057e8cb9d3

SHA1: 652bd13ca8bf058e02db4d236c06d91447ff054b

SHA256: DFC4785D42732270C84396F376A4FF5A2A366B4EA484E2406854E73B7141BF5A

File Size: 327.68 KB, 327680 bytes

MD5: a40f1f72d56c74624b9010969e194170

SHA1: 56344f8a498932409b8577f7a183db0f72657d9b

SHA256: BB30175D632887220DE3A8CE0C3366810B41B4A9B76B52CB80F511FF9E64DA5B

File Size: 327.68 KB, 327680 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have resources
File doesn't have security information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)

File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

HighEntropy
No Version Info
x86

Block Information

Total Blocks:	690
Potentially Malicious Blocks:	442
Whitelisted Blocks:	248
Unknown Blocks:	0

Visual Map

x x x x x x x x x x x x x x x x x 0 x x x 0 x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x 0 x x 0 x x x 0 x x x 1 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x 0 x x x x x x x x 0 x x x x x x 0 x x x x x x x 0 x x 0 x 0 0 x x x x x x x 0 0 x x x x x x x x x 0 x x 0 0 x x x x x x x x 0 x x x 0 x x x x x x x x x x x x x x x x x 0 x 0 x x 0 x x x x x x x x x x 0 x 0 x x x x x x x 0 x x x 0 x x x x x x x x x 0 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 0 x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x 0 x x x x x x x x x x x 0 x 0 x x x x x x x x x x x x x x x x x x x x x x x x x x x 0 x 0 x x x x x x x x x x x x x x x x x x x x x 0 0 0 x x x x x x x x x x 0 0 x x 0 0 x x x x x x x x x x x x x 0 0 0 x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x 0 x x 0 1 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Pykspa.A
Pykspa.AB

Files Modified

File	Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.0.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\hobyfs.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\hobyfs.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\hobyfs.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ucqowkn	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ucqowkn.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\ucqowkn.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\ucqowkn.exe	Synchronize,Write Attributes

c:\users\user\appdata\local\temp\ucqowkn\asqyqobxgzchyraya	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ucqowkn\uooysshfqloypnelstt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ucqowkn\uooysshfqluqeqfjrcl	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ucqowkn\uooysshfqlynetgertq	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\ucqowkn\wsugcevvifmofxsbfatja	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\wcokq.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\wcokq.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\wcokq.exe	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\winlogon::shell	Explorer.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::oasugyfvylg	uooysshfqloypnelstt.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::lyruhaizdrnq	jcbkdcqnxrtcspflrr.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::kyswkenfkzwal	tkhofcojrjjqeznr.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::lavapkuntjhmyr	asqyqobxgzaixtins.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::oeagwsdxevuanhu	asqyqobxgzaixtins.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::asqyqobxgzaixtins	C:\Users\Lyzsmtih\AppData\Local\Temp\uooysshfqloypnelstt.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::tkhofcojrjjqeznr	C:\Users\Lyzsmtih\AppData\Local\Temp\asqyqobxgzaixtins.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::tevwhyetvh	C:\Users\Lyzsmtih\AppData\Local\Temp\jcbkdcqnxrtcspflrr.exe	RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\run::oasugyfvylg	C:\Users\Lyzsmtih\AppData\Local\Temp\jcbkdcqnxrtcspflrr.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::lyruhaizdrnq	C:\Users\Lyzsmtih\AppData\Local\Temp\jcbkdcqnxrtcspflrr.exe .	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disableregistrytools		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::disableregistrytools		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::consentpromptbehavioradmin		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::consentpromptbehavioruser		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enableinstallerdetection		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablesecureuiapaths		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablevirtualization		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::promptonsecuredesktop		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::validateadmincodesignatures		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::filteradministratortoken		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\explorer::nodrivetypeautorun		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer::nodrivetypeautorun		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall::checkedvalue		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\winlogon::shell	Explorer.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::oasugyfvylg	hcdojkazlhlwonfnvxyl.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::lyruhaizdrnq	asqyqobxgzaixtins.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::kyswkenfkzwal	hcdojkazlhlwonfnvxyl.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::lavapkuntjhmyr	tkhofcojrjjqeznr.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::oeagwsdxevuanhu	tkhofcojrjjqeznr.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::asqyqobxgzaixtins	C:\Users\Lyzsmtih\AppData\Local\Temp\asqyqobxgzaixtins.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::tkhofcojrjjqeznr	C:\Users\Lyzsmtih\AppData\Local\Temp\asqyqobxgzaixtins.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::tevwhyetvh	C:\Users\Lyzsmtih\AppData\Local\Temp\wsugcevvifkwppiradfta.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::oasugyfvylg	C:\Users\Lyzsmtih\AppData\Local\Temp\tkhofcojrjjqeznr.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::lyruhaizdrnq	C:\Users\Lyzsmtih\AppData\Local\Temp\asqyqobxgzaixtins.exe .	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disableregistrytools		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::disableregistrytools		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::consentpromptbehavioradmin		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::consentpromptbehavioruser		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enableinstallerdetection		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablesecureuiapaths		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablevirtualization		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::promptonsecuredesktop		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::validateadmincodesignatures		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::filteradministratortoken		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\explorer::nodrivetypeautorun		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer::nodrivetypeautorun		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall::checkedvalue		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\winlogon::shell	Explorer.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::oasugyfvylg	hcdojkazlhlwonfnvxyl.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::lyruhaizdrnq	jcbkdcqnxrtcspflrr.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::kyswkenfkzwal	wsugcevvifkwppiradfta.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::lavapkuntjhmyr	asqyqobxgzaixtins.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::oeagwsdxevuanhu	jcbkdcqnxrtcspflrr.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::asqyqobxgzaixtins	C:\Users\Lyzsmtih\AppData\Local\Temp\uooysshfqloypnelstt.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::tkhofcojrjjqeznr	C:\Users\Lyzsmtih\AppData\Local\Temp\jcbkdcqnxrtcspflrr.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::tevwhyetvh	C:\Users\Lyzsmtih\AppData\Local\Temp\hcdojkazlhlwonfnvxyl.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::oasugyfvylg	C:\Users\Lyzsmtih\AppData\Local\Temp\wsugcevvifkwppiradfta.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::lyruhaizdrnq	C:\Users\Lyzsmtih\AppData\Local\Temp\wsugcevvifkwppiradfta.exe .	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disableregistrytools		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::disableregistrytools		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::consentpromptbehavioradmin		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::consentpromptbehavioruser		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enableinstallerdetection		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablesecureuiapaths		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablevirtualization		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::promptonsecuredesktop		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::validateadmincodesignatures		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::filteradministratortoken		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\explorer::nodrivetypeautorun		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer::nodrivetypeautorun		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall::checkedvalue		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\winlogon::shell	Explorer.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::oasugyfvylg	uooysshfqloypnelstt.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::lyruhaizdrnq	hcdojkazlhlwonfnvxyl.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::kyswkenfkzwal	tkhofcojrjjqeznr.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::lavapkuntjhmyr	jcbkdcqnxrtcspflrr.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::oeagwsdxevuanhu	tkhofcojrjjqeznr.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::asqyqobxgzaixtins	C:\Users\Lyzsmtih\AppData\Local\Temp\asqyqobxgzaixtins.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::tkhofcojrjjqeznr	C:\Users\Lyzsmtih\AppData\Local\Temp\jcbkdcqnxrtcspflrr.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::tevwhyetvh	C:\Users\Lyzsmtih\AppData\Local\Temp\hcdojkazlhlwonfnvxyl.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::oasugyfvylg	C:\Users\Lyzsmtih\AppData\Local\Temp\wsugcevvifkwppiradfta.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::lyruhaizdrnq	C:\Users\Lyzsmtih\AppData\Local\Temp\asqyqobxgzaixtins.exe .	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\system::disableregistrytools		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::disableregistrytools		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::consentpromptbehavioradmin		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::consentpromptbehavioruser		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enableinstallerdetection		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablesecureuiapaths		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablevirtualization		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::promptonsecuredesktop		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::validateadmincodesignatures		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::filteradministratortoken		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\policies\explorer::nodrivetypeautorun		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer::nodrivetypeautorun		RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall::checkedvalue		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::antivirusoverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::firewalloverride		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::uacdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::antivirusdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::firewalldisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\security center::updatesdisablenotify		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\winlogon::shell	Explorer.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::oasugyfvylg	wsugcevvifkwppiradfta.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::lyruhaizdrnq	wsugcevvifkwppiradfta.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::kyswkenfkzwal	jcbkdcqnxrtcspflrr.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::lavapkuntjhmyr	jcbkdcqnxrtcspflrr.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::oeagwsdxevuanhu	hcdojkazlhlwonfnvxyl.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::asqyqobxgzaixtins	C:\Users\Lyzsmtih\AppData\Local\Temp\tkhofcojrjjqeznr.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::oasugyfvylq	hcdojkazlhvldthguxvh.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::lyruhaizdrxf	uooysshfqlynetgertq.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::kyswkenfkzgpa	wsugcevvifulevkkzdcpa.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::lavapkuntjrbnx	uooysshfqlynetgertq.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::oeagwsdxevepcnw	tkhofcojrjtftfpk.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::asqyqobxgzkxmzkgr	C:\Users\Flzexbsc\AppData\Local\Temp\hcdojkazlhvldthguxvh.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::tkhofcojrjtftfpk	C:\Users\Flzexbsc\AppData\Local\Temp\tkhofcojrjtftfpk.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::tevwhyetvh	C:\Users\Flzexbsc\AppData\Local\Temp\wsugcevvifulevkkzdcpa.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::oasugyfvylq	C:\Users\Flzexbsc\AppData\Local\Temp\hcdojkazlhvldthguxvh.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::lyruhaizdrxf	C:\Users\Flzexbsc\AppData\Local\Temp\asqyqobxgzkxmzkgr.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::lyruhaizdrxf	hcdojkazlhvldthguxvh.exe .	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::lavapkuntjrbnx	asqyqobxgzkxmzkgr.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::oeagwsdxevepcnw	asqyqobxgzkxmzkgr.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::asqyqobxgzkxmzkgr	C:\Users\Flzexbsc\AppData\Local\Temp\asqyqobxgzkxmzkgr.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::tkhofcojrjtftfpk	C:\Users\Flzexbsc\AppData\Local\Temp\asqyqobxgzkxmzkgr.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::tevwhyetvh	C:\Users\Flzexbsc\AppData\Local\Temp\uooysshfqlynetgertq.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::oasugyfvylq	C:\Users\Flzexbsc\AppData\Local\Temp\tkhofcojrjtftfpk.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::lyruhaizdrxf	C:\Users\Flzexbsc\AppData\Local\Temp\jcbkdcqnxrdrhvheqr.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::oasugyfvylq	asqyqobxgzkxmzkgr.exe	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::kyswkenfkzgpa	jcbkdcqnxrdrhvheqr.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::asqyqobxgzkxmzkgr	C:\Users\Flzexbsc\AppData\Local\Temp\uooysshfqlynetgertq.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::oasugyfvylq	C:\Users\Flzexbsc\AppData\Local\Temp\wsugcevvifulevkkzdcpa.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::lyruhaizdrxf	C:\Users\Flzexbsc\AppData\Local\Temp\uooysshfqlynetgertq.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::lyruhaizdrxf	wsugcevvifulevkkzdcpa.exe .	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::lavapkuntjrbnx	tkhofcojrjtftfpk.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::oeagwsdxevepcnw	jcbkdcqnxrdrhvheqr.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::tkhofcojrjtftfpk	C:\Users\Flzexbsc\AppData\Local\Temp\hcdojkazlhvldthguxvh.exe .	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::lyruhaizdrxf	C:\Users\Flzexbsc\AppData\Local\Temp\tkhofcojrjtftfpk.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::kyswkenfkzysb	hcdojkazlhnoevpxaumb.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::lavapkuntjjeoz	tkhofcojrjliuhxb.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::oeagwsdxevwsdpe	uooysshfqlqqfvovxqh.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::tkhofcojrjliuhxb	tkhofcojrjliuhxb.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::asqyqobxgzcanbsxx	hcdojkazlhnoevpxaumb.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::uooysshfqlqqfvovxqh	C:\Users\Yhhwkxjc\AppData\Local\Temp\wsugcevvifmofxsbfatja.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::jcbkdcqnxrvuixpvwo	C:\Users\Yhhwkxjc\AppData\Local\Temp\uooysshfqlqqfvovxqh.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::lyruhaizdrpi	C:\Users\Yhhwkxjc\AppData\Local\Temp\jcbkdcqnxrvuixpvwo.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::kyswkenfkzysb	C:\Users\Yhhwkxjc\AppData\Local\Temp\tkhofcojrjliuhxb.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::lavapkuntjjeoz	C:\Users\Yhhwkxjc\AppData\Local\Temp\uooysshfqlqqfvovxqh.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::kyswkenfkzysb	asqyqobxgzcanbsxx.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::lavapkuntjjeoz	jcbkdcqnxrvuixpvwo.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::oeagwsdxevwsdpe	asqyqobxgzcanbsxx.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::tkhofcojrjliuhxb	hcdojkazlhnoevpxaumb.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::asqyqobxgzcanbsxx	asqyqobxgzcanbsxx.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::uooysshfqlqqfvovxqh	C:\Users\Yhhwkxjc\AppData\Local\Temp\tkhofcojrjliuhxb.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::jcbkdcqnxrvuixpvwo	C:\Users\Yhhwkxjc\AppData\Local\Temp\wsugcevvifmofxsbfatja.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::lyruhaizdrpi	C:\Users\Yhhwkxjc\AppData\Local\Temp\wsugcevvifmofxsbfatja.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::kyswkenfkzysb	C:\Users\Yhhwkxjc\AppData\Local\Temp\jcbkdcqnxrvuixpvwo.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::lavapkuntjjeoz	C:\Users\Yhhwkxjc\AppData\Local\Temp\tkhofcojrjliuhxb.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::kyswkenfkzysb	jcbkdcqnxrvuixpvwo.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::lavapkuntjjeoz	hcdojkazlhnoevpxaumb.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::oeagwsdxevwsdpe	hcdojkazlhnoevpxaumb.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::tkhofcojrjliuhxb	wsugcevvifmofxsbfatja.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::asqyqobxgzcanbsxx	wsugcevvifmofxsbfatja.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::uooysshfqlqqfvovxqh	C:\Users\Yhhwkxjc\AppData\Local\Temp\hcdojkazlhnoevpxaumb.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::lavapkuntjjeoz	C:\Users\Yhhwkxjc\AppData\Local\Temp\wsugcevvifmofxsbfatja.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::akaakaftu	uooysshfqlqxqlwwavk.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::tevwhyetvh	wsugcevvifmvqnacifwga.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::oasugyfvyli	jcbkdcqnxrvbtnxwzt.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::lyruhaizdrpp	tkhofcojrjlpfxfc.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::kyswkenfkzyzm	tkhofcojrjlpfxfc.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::oeagwsdxevwzofm	C:\Users\Aftkvpmr\AppData\Local\Temp\jcbkdcqnxrvbtnxwzt.exe	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::lavapkuntjjlzp	C:\Users\Aftkvpmr\AppData\Local\Temp\tkhofcojrjlpfxfc.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::jshgpeiv	C:\Users\Aftkvpmr\AppData\Local\Temp\jcbkdcqnxrvbtnxwzt.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::akaakaftu	C:\Users\Aftkvpmr\AppData\Local\Temp\hcdojkazlhnvplxydzpy.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\runonce::tevwhyetvh	C:\Users\Aftkvpmr\AppData\Local\Temp\hcdojkazlhnvplxydzpy.exe .	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\runonce::tevwhyetvh	asqyqobxgzchyraya.exe .	RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\explorer\run::oasugyfvyli	asqyqobxgzchyraya.exe	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\run::lyruhaizdrpp	wsugcevvifmvqnacifwga.exe	RegNtPreCreateKey

37 additional registry modifications are not displayed above.

Windows API Usage

Category	API
User Data Access	GetComputerName
Network Winsock2	WSAStartup

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Trojan.Pykspa.A

Threat Scorecard

EnigmaSoft Threat Scorecard

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Submit Comment

Trending

Trojan.Agent.LFB

Trojan.PrintSpoofer.D

Trojan.Agent.IFSC

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen

How to Fix 'macOS cannot verify that this app is...