BKDR_BLBINDI.NTB
Backdoor:MSIL/Bladabindi.G (Microsoft); UDS:DangerousObject.Multi.Generic (Kaspersky); Win32:Malware-gen (Avast)
Windows
Threat Type: Backdoor
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
875,520 bytes
EXE
11 Feb 2015
Arrival Details
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Other System Modifications
This backdoor adds the following registry entries:
HKEY_CURRENT_USER
di = "!"
HKEY_CURRENT_USER\Environment
SEE_MASK_NOZONECHECKS = "1"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
{full path and file name of malware} = "{full path and file name of malware}:*:Enabled:{file name of malware}"
Other Details
This backdoor connects to the following possibly malicious URL:
- {BLOCKED}.{BLOCKED}.82.200