BKDR_FAKEMS.MLP
September 20, 2014
PLATFORM:
Windows
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:
Threat Type: Backdoor
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This backdoor may be dropped by other malware.
TECHNICAL DETAILS
File Size: Varies
File Type: DLL, EXE
Initial Samples Received Date: 19 Sep 2014
Arrival Details
This backdoor may be dropped by other malware.
Installation
This backdoor drops the following files:
- %System%\update.dll
(Note: %System% is the Windows system folder, which is usually C:\Windows\System32.)
Autostart Technique
This backdoor adds the following registry entries to enable its automatic execution at every system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ppap = "rundll32.exe %System%\update.dll,_update@16"
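A triage script for this persistence pattern, as an added Python example that is not part of the Trend Micro entry: it parses each Run value roughly the way rundll32.exe does, flags any value that loads a DLL by exported entry point, and marks the match when the DLL path is the dropped file listed above. The sample values other than ppap, the placeholder expansion table, the decorated-export heuristic and all function names are assumptions made for the example.

```python
"""Hunt for Run-key autostarts that launch a DLL through rundll32.exe.

Added example, not part of the original encyclopedia entry. It parses each
Run value the way a triage script would and flags the pattern described
above: rundll32.exe loading a DLL from %System% by an exported entry point.
"""
import re
import sys

RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
IOC_DLL = r"%System%\update.dll"  # dropped file named in the entry above

# Placeholder expansion in the encyclopedia's notation. Fixed to the default
# install paths so results are deterministic; a live collector would read
# os.environ instead.
PLACEHOLDERS = {"%system%": r"C:\Windows\System32", "%windir%": r"C:\Windows"}
SYSTEM_DIR = PLACEHOLDERS["%system%"]

# Constructed sample values (hypothetical). Only 'ppap' mirrors the entry
# above; the others stand in for ordinary software autostarts.
SAMPLE_RUN_VALUES = {
    "ppap": r"rundll32.exe %System%\update.dll,_update@16",
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
    "vmtools": r'"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr',
    "Updater": r'"C:\Windows\System32\rundll32.exe" "C:\Users\bob\AppData\Roaming\x.dll",Start',
}

# rundll32 invoked bare or by (optionally quoted) full path, then its argument string.
_RUNDLL = re.compile(r'^"?(?:.*\\)?rundll32(?:\.exe)?"?\s+(.*)$', re.IGNORECASE)
_DECORATED = re.compile(r"^_\w+@\d+$")  # stdcall-decorated export such as _update@16


def expand_env(path):
    """Expand %System%-style placeholders using the fixed table above."""
    return re.sub(r"%[^%]+%", lambda m: PLACEHOLDERS.get(m.group(0).lower(), m.group(0)), path)


def parse_rundll32(value):
    """Return (dll_path, entry_point, extra_args) if value runs rundll32, else None.

    Approximates rundll32's own command-line parsing: an optionally quoted DLL
    path, a comma, the entry point, then anything else as arguments.
    """
    m = _RUNDLL.match(value.strip())
    if m is None:
        return None
    rest = m.group(1).strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        if end < 0:
            return None
        dll, rest = rest[1:end], rest[end + 1:].lstrip()
        if not rest.startswith(","):
            return None
        rest = rest[1:]
    else:
        if "," not in rest:
            return None
        dll, rest = rest.split(",", 1)
    entry, _, args = rest.strip().partition(" ")
    return dll.strip(), entry, args.strip()


def classify(value):
    """Return a list of reasons to review value, or None if it is not a rundll32 autostart."""
    parsed = parse_rundll32(value)
    if parsed is None:
        return None
    dll, entry, _ = parsed
    dll_full = expand_env(dll).lower()
    reasons = ["rundll32 autostart"]
    if dll_full == expand_env(IOC_DLL).lower():
        reasons.append("matches BKDR_FAKEMS.MLP dropped file")
    if _DECORATED.match(entry):
        # Heuristic (assumption): a raw decorated symbol as the entry point is
        # rare in shipped vendor DLLs, which export undecorated names.
        reasons.append("decorated stdcall export name")
    if "\\" not in dll_full:
        reasons.append("bare DLL name resolved via search path")
    elif not dll_full.startswith(SYSTEM_DIR.lower() + "\\"):
        reasons.append("DLL outside %System%")
    return reasons


def scan(values):
    """Map each flagged value name to its reasons."""
    hits = {}
    for name, value in values.items():
        reasons = classify(value)
        if reasons:
            hits[name] = reasons
    return hits


def read_run_key():
    """Read HKLM Run values on Windows; elsewhere fall back to the constructed samples."""
    if sys.platform != "win32":
        return SAMPLE_RUN_VALUES
    import winreg
    values, i = {}, 0
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:
                break
            values[name] = str(data)
            i += 1
    return values


if __name__ == "__main__":
    for name, reasons in scan(read_run_key()).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On Windows the script enumerates the live HKLM Run key through winreg; elsewhere it runs over the constructed samples. Two points worth keeping in mind when reviewing the output: rundll32.exe is a signed Microsoft binary, so any allowlist keyed on the launched process name will not catch this entry, and the DLL argument is what has to be inspected; and the entry above lists only the HKLM key, so a per-user Run key under HKEY_CURRENT_USER would need a separate pass.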
Other Details
This backdoor connects to the following possibly malicious URL:
- windows.{BLOCKED}date.com