VirTool:WinNT/Exforel.A
First posted on 06 December 2012.
Source: Microsoft
Aliases:
VirTool:WinNT/Exforel.A is also known as W32/Rootkit.EORP (Norman).
Explanation:
VirTool:WinNT/Exforel.A is malware that allows unauthorized access and control of your computer.
Installation
VirTool:WinNT/Exforel.A is installed as a driver by other components of the Exforel family, such as Trojan:Win32/Exforel.A. In the wild, we have observed it with the file name "ndisxapi.sys".
Payload
Allows backdoor access and control
VirTool:WinNT/Exforel.A allows unauthorized access and control of your computer.
An attacker can perform any number of different actions on your computer using VirTool:WinNT/Exforel.A. This includes the following actions:
- Uploading files
- Downloading files
- Running files
- Routing TCP/IP traffic
Additional information
VirTool:WinNT/Exforel.A uses low-level network function hooks at the NDIS (Network Driver Interface Specification) level, and may not be noticeable to normal user-mode applications.
Analysis by Chun Feng
Last update 06 December 2012