Keyword: bkdr_hupigon.cfm
Other System Modifications This backdoor adds the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
This backdoor modifies registry entries to disable various system services. This action prevents most system functions from being used. It connects to a website to send and receive information.
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be dropped by other malware. Arrival Details
This backdoor arrives as a component bundled with malware/grayware packages. It may be unknowingly downloaded by a user while visiting malicious websites. It is a component of other malware. It may
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It arrives as a component bundled with
This backdoor may be unknowingly downloaded by a user while visiting malicious websites. It may be dropped by other malware. Arrival Details This backdoor may be unknowingly downloaded by a user
This backdoor may arrive bundled with malware packages as a malware component. Arrival Details This backdoor may arrive bundled with malware packages as a malware component. NOTES: It reads its
This backdoor has received attention from independent media sources and/or other security firms. To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram
This backdoor opens a hidden Internet Explorer window. Installation This backdoor drops the following copies of itself into the affected system: %System%\SPLOOVS.EXE (Note: %System% is the Windows
This backdoor may arrive bundled with malware packages as a malware component. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting
This malware is a component of another malware. It attaches itself to certain processes. It monitors the browsing activities of the user. It executes certain commands from a remote malicious user.
This malicious DLL file may be installed as a service DLL to enable its automatic execution at startup. This backdoor arrives as a file that exports the functions of other malware/grayware. It may be
This backdoor opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user executes commands on the affected system.
This Backdoor may be dropped by TROJ_DLLSERV.AE. Its main component registers this malicious .DLL file as a service by creating registry entries. It opens Port 8883, where it listens for remote
It monitors user activities and records messages posted to the system message queue, which may include keystrokes. As such, it may be able to steal user information such as user names and passwords.
This remote administration tool (RAT) is the Windows counterpart of the Mac OSX malware that Trend Micro detected as OSX_MUSMINIM.A. This backdoor may be unknowingly downloaded by a user while
This backdoor may arrive bundled with malware packages as a malware component. It may be dropped by other malware. It requires its main component to successfully perform its intended routine. Arrival
This malicious DLL file connects to command and control (C&C) servers and sends an HTTP GET request. It performs backdoor routines. Specifically, it steals and clears cookies. It downloads and
It monitors user activities and records messages posted to the system message queue which may include keystrokes to steal user information such as user names and passwords. This backdoor may be
Other Details This backdoor does the following: This is the detection of Trend Micro for damaged samples of BKDR_QAKBOT variants. The said samples have coding errors that prevent this Backdoor from