Backdoor.Win32.DASERF.A
Backdoor:Win32/Daserf.A (MICROSOFT); Trojan.Win32.Generic.pak!cobra (SUNBELT)
Windows
Threat Type: Backdoor
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
27,648 bytes
EXE
Yes
19 Feb 2020
Arrival Details
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Dropping Routine
This Backdoor drops the following files:
- %User Temp%\KB2791997.log
- %User Temp%\perfc091.dat
- %User Temp%\perfh091.dat
(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).)
Other Details
This Backdoor connects to the following possibly malicious URL:
- http://key.{BLOCKED}upper.info