Author: Sammy Chua   
 

Backdoor:MSIL/Bladabindi.G (Microsoft); UDS:DangerousObject.Multi.Generic (Kaspersky); Win32:Malware-gen (Avast)

 PLATFORM:

Windows

 OVER ALL RISK RATING:
 DAMAGE POTENTIAL::
 DISTRIBUTION POTENTIAL::
 REPORTED INFECTION:
 INFORMATION EXPOSURE:
Low
Medium
High
Critical

  • Threat Type:
    Backdoor

  • Destructiveness:
    No

  • Encrypted:
     

  • In the wild::
    Yes

  OVERVIEW


  TECHNICAL DETAILS

File size: 875,520 bytes
File type: EXE
INITIAL SAMPLES RECEIVED DATE: 11 lutego 2015

Otras modificaciones del sistema

Agrega las siguientes entradas de registro:

HKEY_CURRENT_USER
di = "!"

HKEY_CURRENT_USER\Environment
SEE_MASK_NOZONECHECKS = "1"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
{full path and file name of malware} = "{full path and file name of malware}:*:Enabled:{file name of malware}"