Backdoor.Win32.Jix.a

tag:Backdoors  


This Trojan has a built-in remote administration tool.

The program itself is a Windows PE EXE file approximately 15KB in size, packed using UPX. The unpacked file is approximately 25KB in size.

Once launched, the Trojan copies itself to the Windows system directory under one of the following names:

%System%\upnphost.exe
%System%\pnphost.exe
%System%\winpnp.exe

The backdoor scans other computers for the presence of the LSASS vulnerability and then installs itself on the vulnerable machine.

The backdoor turns the victim machine into an FTP server listening on TCP port 5533.

The Trojan connects to IRC server 203.167.78.35 in order to receive commands. Once this connection has been established, a malicious remote user will be able to download any file onto the victim machine using the FTP server, launch these files, terminate processes and access information about the computer or its user.
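A host-triage check built from the indicators listed above, added here as an example and not part of the original entry: it flags the three file names when they sit in the Windows system directory, a listener on TCP port 5533, and any TCP connection to 203.167.78.35. The function names, the sample paths and the `netstat -ano` text (including remote port 6667) are constructed for illustration.

```python
import ntpath

# Indicators taken from the description above.
DROPPED_NAMES = {"upnphost.exe", "pnphost.exe", "winpnp.exe"}
FTP_PORT = "5533"
IRC_SERVER = "203.167.78.35"


def split_endpoint(endpoint):
    """Split 'host:port' (or '[::]:port') into (host, port) strings."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def check_files(paths, system_dir):
    """Return the paths that carry a dropped name directly inside system_dir."""
    want_dir = ntpath.normcase(ntpath.normpath(system_dir))
    hits = []
    for path in paths:
        folder, name = ntpath.split(ntpath.normpath(path))
        if ntpath.normcase(folder) == want_dir and name.lower() in DROPPED_NAMES:
            hits.append(path)
    return hits


def check_netstat(text):
    """Return (reason, pid) findings from the TCP rows of `netstat -ano` output."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue  # column header, UDP rows, blank lines
        _, local, remote, state, pid = fields
        if state == "LISTENING" and split_endpoint(local)[1] == FTP_PORT:
            findings.append(("listener on TCP 5533", pid))
        if split_endpoint(remote)[0] == IRC_SERVER:
            findings.append(("connection to 203.167.78.35", pid))
    return findings


# Constructed sample data, not taken from a real host.
SAMPLE_FILES = [r"C:\WINDOWS\system32\winpnp.exe", r"C:\WINDOWS\system32\notepad.exe",
                r"D:\tools\winpnp.exe"]
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:5533           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.20:1045      203.167.78.35:6667     ESTABLISHED     1432
"""
```

A file-name or port match is a lead for further analysis of the reported PID and file, not a verdict on its own.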

©Virus-Encyclopedia.com All Rights Reserved.