Hesive_c details

  • Description

    Hesive.c is a backdoor that provides the attacker with unauthorized remote access to the compromised computer. It allows the intruder to download, upload and run arbitrary files, execute system commands, terminate running processes, modify system configuration through the registry, and get system and network information. Hesive.c injects malicious code into legitimate system processes. It also uses a rootkit to hide all its files and registry entries.

  • Registry

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zrwchrhu
    HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ZRWCHRHU
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Parameters\ServiceDll=%System%\zrwchrhu.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\(default)=rundll32.exe %System%\zrwchrhu.dll, Do98Work