
Backdoor:Win32/Zegost.B


First posted on 15 February 2019.
Source: Microsoft

Aliases :

Backdoor:Win32/Zegost.B is also known as W32/BackdoorX.DYQT, BackDoor.Agent.AHGH, BDS/Agent.avvc.1, Win32/Redosdru.CP, Trojan-PWS.Win32.Bjlog, Backdoor.Win32.Agent.avvc, Mal/Zegost-E.

Explanation :

Backdoor:Win32/Zegost.B is the detection for malware that may be used by remote attackers to gain access to the computer in which it is installed.

Installation

Once installed, it attaches its code to the following legitimate Windows process:

  svchost.exe

Payload

Allows backdoor access and control

Backdoor:Win32/Zegost.B connects to the following remote server to send and receive data via HTTP transactions:

  xx0518.3322.org

From this server, it may receive commands such as the following:

  Copying, executing, downloading, and deleting files
  Gathering information from the RAS phonebook
  Capturing screenshots

Analysis by Marianne Mallen

Last update 15 February 2019

 
