Keyword: bkdr_bn.311.eds
This backdoor opens a hidden Internet Explorer window. Installation This backdoor drops the following copies of itself into the affected system: %System%\SPLOOVS.EXE (Note: %System% is the Windows
This backdoor may arrive bundled with malware packages as a malware component. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting
This malware is a component of another malware. It attaches itself to certain processes. It monitors the browsing activities of the user. It executes certain commands from a remote malicious user.
This malicious DLL file may be installed as a service DLL to enable its automatic execution at startup. This backdoor arrives as a file that exports the functions of other malware/grayware. It may be
This backdoor opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user executes commands on the affected system.
This backdoor may be dropped by TROJ_DLLSERV.AE. Its main component registers this malicious .DLL file as a service by creating registry entries. It opens port 8883, where it listens for remote
It monitors user activities and records messages posted to the system message queue, which may include keystrokes. As such, it may be able to steal user information such as user names and passwords.
This remote administration tool (RAT) is the Windows counterpart of the Mac OSX malware that Trend Micro detected as OSX_MUSMINIM.A. This backdoor may be unknowingly downloaded by a user while
This backdoor may arrive bundled with malware packages as a malware component. It may be dropped by other malware. It requires its main component to successfully perform its intended routine. Arrival
This malicious DLL file connects to command and control (C&C) servers and sends an HTTP GET request. It performs backdoor routines. Specifically, it steals and clears cookies. It downloads and
It monitors user activities and records messages posted to the system message queue, which may include keystrokes, to steal user information such as user names and passwords. This backdoor may be
Other Details This backdoor does the following: This is the detection of Trend Micro for damaged samples of BKDR_QAKBOT variants. The said samples have coding errors that prevent this Backdoor from
This backdoor is noteworthy as it poses as an installer of Facebook messenger. To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below. This
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It opens a random port to allow a remote user to
Other Details This backdoor connects to the following possibly malicious URL: http://{BLOCKED}.{BLOCKED}.184.42/AES{random}.jsp?{random}
This backdoor opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user executes commands on the affected system.
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It opens a random port to allow a remote user to
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It opens a random port to allow a remote user to
This backdoor connects to a website to send and receive information. However, as of this writing, the said sites are inaccessible. Backdoor Routine This backdoor connects to the following websites to
This backdoor is a command line tool which is capable of redirecting network traffic from a port to another port. This backdoor may arrive bundled with malware packages as a malware component. It may