Backdoor.Win32.Katien.a

tag:Backdoors

0 0

Katien is a backdoor trojan program. The trojan itself is a Windows PE EXE file about 50KB in length and written in Microsoft Visual C .

Once executed the backdoor program registers itself in the system registry auto-run section:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

The key name depends on the backdoor variant:

TaskReg = %trojan file name% Service = %trojan file name%

Once this is done Katien then opens a backdoor connection and waits for its master's (person controlling the Trojan program) commands. The Katien backdoor program performs just a few commands:

gets a file from a requested URL
runs a command or specified local file
performs a DoS attack on the requested victim address
terminates itself

The backdoor program has copyright strings (lines) depending on the backdoor variant:

Voyager Alpha Force: Age of Kaiten
Kaiten Win32 API version: contem@efnet

next:none
previous:Backdoor.Win32.Kbot.al

Virus Source from:

New articles

TROJ_ARTIEF.SMThis Trojan exploits the RTF Stack Overflow vulnerability to drop and execute TROJ_INJECT.ART. This Trojan may be unknowingly downloaded by a user while visi...ANDROIDOS_GEINIMI.AThis backdoor may be unknowingly downloaded by a user while visiting malicious websites. Backdoor Routine This backdoor executes the following commands from...P2P-Worm.Win32.BlackControl.gThe malicious program intercepts the user’s requests to various sites and redirects them to a malicious URL. It also contains a tool for sending phishin...Backdoor.Win32.Bredolab.euaA malicious program that receives commands from a management server to download other malware to a computer. To ensure that it is launched automatically when t...Backdoor.Farfli.ABCommonly it commes as an installer so it can drop several files, detected by Bitdefender as adware (Adware.Cinmus) or tojan-downloaders.It modifies the memory o...

Hot Articles

Backdoor.Win32.Katien.a

Computer Virus Clounds