
Backdoor:Win32/Difeqs.gen


First posted on 10 August 2019.
Source: Microsoft

Aliases :

Backdoor:Win32/Difeqs.gen is also known as Win32/Kongrid.A, Trojan.Win32.Agent.ado, BackDoor-DIQ, Trojan-PSW.Win32.Hooker.c, Infostealer, Mal_Banker.

Explanation :

Backdoor:Win32/Difeqs.gen is a trojan that has backdoor capabilities.

Installation

Backdoor:Win32/Difeqs.gen drops a copy of itself in the Windows system folder using various file names, for example, cscripts.exe or conpre.exe. It modifies the system registry so that it automatically runs every time Windows starts, for example:

Adds value: "cscripts"
With data: "cscripts.exe"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Note - the system folder refers to a variable location that is determined by the malware by querying the operating system. The default location of the system folder for Windows 2000 and NT is C:\Winnt\System32; for XP and Vista it is C:\Windows\System32.

It injects a DLL file, which is part of its malware package, into the explorer.exe process.

Payload

Backdoor Capabilities

Backdoor:Win32/Difeqs.gen may try to connect to various websites to send information. These sites include:

lnobley.meibu.com
owner.kbvsat.com

It may try to send information about the infected system as fake UDP DNS queries to the remote server dnsname.3322.org.

Analysis by Andrei Florin Saygo
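The indicators above translate directly into a host triage check. The script below is an added example, not part of Microsoft's write-up or of the malware itself: it looks for the dropped file names, enumerates the Policies\Explorer\Run key (a Group Policy autostart location that is inspected less often than the ordinary Run key, so it is worth querying explicitly), lists unsigned modules loaded into explorer.exe, and searches the local DNS client cache for the listed domains. The unsigned-module and DNS-cache checks are heuristics assumed to be useful for finding the injected DLL and the callback traffic; the entry does not say the DLL is unsigned or that the queries go through the Windows resolver. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from Microsoft's entry): triage a Windows host for the
# Backdoor:Win32/Difeqs.gen indicators listed above. Requires an elevated prompt.

$system32  = Join-Path $env:SystemRoot 'System32'
$dropNames = @('cscripts.exe', 'conpre.exe')   # names the entry gives; the family uses "various" names
$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
$domains   = @('lnobley.meibu.com', 'owner.kbvsat.com', 'dnsname.3322.org')

$findings = @()

# 1. Dropped copies of the trojan in the system folder.
foreach ($name in $dropNames) {
    $path = Join-Path $system32 $name
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Indicator = 'DroppedFile'; Detail = $path }
    }
}

# 2. Every value under the Policies\Explorer\Run autostart key. Any value here
#    deserves a look, not only one named "cscripts".
if (Test-Path -LiteralPath $runKey) {
    $props = Get-ItemProperty -LiteralPath $runKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc. added by the provider
        $findings += [pscustomobject]@{ Indicator = 'PolicyRunValue'; Detail = "$($p.Name) = $($p.Value)" }
    }
}

# 3. Unsigned or invalidly signed modules inside explorer.exe. This is an assumed
#    heuristic for spotting the injected DLL, not a signature for this family.
Get-Process -Name explorer -ErrorAction SilentlyContinue | ForEach-Object {
    foreach ($m in $_.Modules) {
        $sig = Get-AuthenticodeSignature -LiteralPath $m.FileName -ErrorAction SilentlyContinue
        if ($sig -and $sig.Status -ne 'Valid') {
            $findings += [pscustomobject]@{ Indicator = 'ExplorerUnsignedModule'; Detail = "$($m.FileName) ($($sig.Status))" }
        }
    }
}

# 4. Resolver cache entries for the listed domains (assumes the callbacks went
#    through the Windows DNS client; a packet capture on UDP/53 is the stronger check).
Get-DnsClientCache -ErrorAction SilentlyContinue | ForEach-Object {
    foreach ($d in $domains) {
        if ($_.Entry -like "*$d") {
            $findings += [pscustomobject]@{ Indicator = 'DnsCacheHit'; Detail = $_.Entry }
        }
    }
}

if ($findings.Count -eq 0) { 'No Difeqs indicators found.' } else { $findings | Format-Table -AutoSize }
```

Because the entry describes the system-folder path as one the malware resolves at run time, the script derives it from $env:SystemRoot rather than hard-coding C:\Windows\System32. A clean result from this script is not proof of a clean host: the family uses other file names, and the fake DNS queries leave no resolver-cache trace if the sample sends UDP datagrams directly.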

Last update 10 August 2019
