Threat Database Trojans Trojan.Variant of KorAd

Trojan.Variant of KorAd

By CagedTech in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 3,469
First Seen: October 30, 2013
Last Seen: September 13, 2023
OS(es) Affected: Windows

SpyHunter Detects & Remove Trojan.Variant of KorAd

File System Details

Trojan.Variant of KorAd may create the following file(s):
# File Name MD5 Detections
1. vcodecsvc.exe ebbc5eb5ccc24810ab155626b471f184 2,933
2. vcodecsvc.exe bc0a8a487f0ac777b4840585ee2efe3d 149
3. hcsvc.exe 896f30908ce09190d8ad9bedec4a0535 29
4. file.exe a71edf9f96c3a4466b617b19e52b256e 2
5. hcpop.exe 1c470a7574db3dee217c6793b3ad49e3 1
6. Window modus.exe eb049974f01857fc5b0d1f5021a30d66 0

Registry Details

Trojan.Variant of KorAd may create the following registry entry or registry entries:
CLSID
{2402B2ED-0F0A-4E5F-89A2-8BD09140352C}
{FD532C54-FC82-4C97-9E7C-FB4397203A44}
SOFTWARE\Classes\AppID\WindowmodusUpdateService.EXE
SOFTWARE\Classes\Wow6432Node\AppID\WindowmodusUpdateService.EXE
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\hcsvc.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Window modus
SOFTWARE\Wow6432Node\Classes\AppID\WindowmodusUpdateService.EXE
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Window modus
SYSTEM\ControlSet001\services\WindowmodusUpdateService
SYSTEM\CurrentControlSet\services\WindowmodusUpdateService

Directories

Trojan.Variant of KorAd may create the following directory or directories:

%ALLUSERSPROFILE%\Application Data\Window modus
%ALLUSERSPROFILE%\Window modus

Trending

Most Viewed

Loading...