Backdoor.Win32.Nanspy.f

tag:Backdoors

0 0

This backdoor program is written in Delphi, and packed using UPX. The file is 211520 bytes in size.

Installation

The backdoor copies itself to the system directory as spools.exe. It registers this file in the system registry to ensure that the program is launched each time Windows is rebooted.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spools Service Controller" = "C:\WINNT\System32\spools.exe"

Payload

The backdoor opens two randomly chosen ports and waits for commands from the remote malicious user. Commands can be used to create files, download them from the Internet, reboot the infected computer, conduct DoS attacks using the victim machine, connect to an IRC server as a bot etc.

The backdoor can also function as a proxy server; this function is activated by a command from the remote malicious user.

previous:Backdoor.Win32.Mytobor.b
previous:Backdoor.Win32.Netdex.a

Virus Source from:

New articles

TROJ_ARTIEF.SMThis Trojan exploits the RTF Stack Overflow vulnerability to drop and execute TROJ_INJECT.ART. This Trojan may be unknowingly downloaded by a user while visi...ANDROIDOS_GEINIMI.AThis backdoor may be unknowingly downloaded by a user while visiting malicious websites. Backdoor Routine This backdoor executes the following commands from...P2P-Worm.Win32.BlackControl.gThe malicious program intercepts the user’s requests to various sites and redirects them to a malicious URL. It also contains a tool for sending phishin...Backdoor.Win32.Bredolab.euaA malicious program that receives commands from a management server to download other malware to a computer. To ensure that it is launched automatically when t...Backdoor.Farfli.ABCommonly it commes as an installer so it can drop several files, detected by Bitdefender as adware (Adware.Cinmus) or tojan-downloaders.It modifies the memory o...

Hot Articles

Backdoor.Win32.Nanspy.f

Computer Virus Clounds