Advances, Systems and Applications
From: Volatile Kernel Rootkit hidden process detection in cloud computing
S.No | Rootkit s name | Rootkits size | Hidden Operation | process |
---|---|---|---|---|
1 | Win32:Agent-WXK | 6.84 kb | GoogleCrashHandler64.exe | 26 |
2 | Form.fam | 676 kb | LiteAgent.exe | 26 |
3 | Virus.Boot.ASBV | 29 kb | wininit.exe | 27 |
4 | W32/Trojan2.NFKE | 82.5 kb | inetinfo.exe | 29 |
5 | NYB | 791 kb | chrome.exe | 37 |
6 | HackTool/Perl.CleanLog | 22.86kb | lsass.exe | 29 |
7 | Rootkit.Win32.Agent.enz | 79 b | Svchost.exe | 22 |
8 | Rootkit.Win32.Agent.fht | 8 kb | dllhost.exe | 29 |
9 | Rootkit.Win32.Agent.xp | 122 kb | rdpclip.exe | 29 |
10 | Rootkit.Win32.Qandr.ac | 1.27 mb | Taskhost.exe | 25 |
11 | Rootkit.Win32.Qandr.ak | 88 kb | LogonUI.exe | 24 |
12 | bakuryu | 46 kb | taskhostex.exe | 23 |
13 | shell.jpg | 27 kb | WUDFHost.exe | 29 |
14 | f6e671d8630df5d8045ff4243da94f74 | 1 kb | MpUXSrv.exe | 26 |
15 | afe8df184dccf6db48cf27916d0d0da6 | 5 kb | Svchost.exe | 29 |
16 | 6eddd98e0463acaa3aa0eeab26b1d3c9 | 142 b | Taskhost.exe | 24 |
17 | 80da4801d2b70d7044e9d660a05c676 | 109 b | Dllhost.exe | 25 |
18 | 4356aded80ee30d1f85321ecc28694b3 | 519 b | Scchost.exe | 25 |
19 | e08de794d84c472b1fd9a862bd729556 | 519 b | Vmtoolsd.exe | 27 |