
Backdoor:Win32/Bdaejec.B


First posted on 09 October 2013.
Source: Microsoft

Aliases:

There are no other names known for Backdoor:Win32/Bdaejec.B.

Explanation:

Threat behavior

Installation

Backdoor:Win32/Bdaejec.B creates the following files:

  • c:\documents and settings\administrator\local settings\temp\qd.ini


Payload

Modifies system security settings

Backdoor:Win32/Bdaejec.B adds itself to the list of applications that are authorized to access the Internet without being stopped by the Firewall. It does this by making the following registry modification:

Adds value: "<malware file>.exe"
With data: "<malware file>.exe:*:enabled:qvod"
To subkey: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Allows backdoor access and control

The malware allows unauthorized access and control of your PC. A hacker can perform any number of different actions using Backdoor:Win32/Bdaejec.B. This could include, but is not limited to, the following actions:
  • Download and run files
  • Upload files
  • Spread to other computers using various methods of propagation
  • Log keystrokes or steal sensitive data
  • Modify system settings
  • Run or terminate applications
  • Delete files

This malware description was produced and published using our automated analysis system's examination of file SHA1 ed77eb2859c4e29ad90411a6320848c24f6da3bb.

Symptoms

System changes

The following system changes may indicate the presence of this malware:

  • The presence of the following files:

    c:\documents and settings\administrator\local settings\temp\qd.ini

  • The presence of the following registry modifications:

    Adds value: "<malware file>.exe"
    With data: "<malware file>.exe:*:enabled:qvod"
    To subkey: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
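The registry indicator above can be checked on a host directly. The following PowerShell script is an added example, not part of the Microsoft description: it enumerates the StandardProfile AuthorizedApplications list, parses each value's "<path>:<scope>:<state>:<description>" data, and flags entries whose description is "qvod", whose executable sits in a temp or profile directory, or whose executable is no longer on disk. It assumes an elevated session; this key belongs to the XP/2003-era Windows Firewall, so on later Windows versions it may be absent or unused, with rules stored under FirewallPolicy\FirewallRules instead.

```powershell
# Added example (not from the original description). Run elevated.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'

function Get-SuspiciousFirewallAuthorizations {
    if (-not (Test-Path -Path $key)) {
        Write-Warning 'AuthorizedApplications\List key not present (XP/2003-era firewall profile key).'
        return
    }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        # Data has the form "<path>:<scope>:<state>:<description>". The path itself
        # contains a drive colon, so take the last three fields and rejoin the rest.
        $parts = $data -split ':'
        if ($parts.Count -lt 4) { continue }
        $desc  = $parts[-1]
        $state = $parts[-2]
        $scope = $parts[-3]
        $path  = $parts[0..($parts.Count - 4)] -join ':'

        $reasons = @()
        if ($desc -ieq 'qvod') {
            $reasons += 'description "qvod" matches the Bdaejec.B indicator'
        }
        if ($path -imatch '\\temp\\' -or $path -imatch '\\local settings\\') {
            $reasons += 'executable lives in a temp or user-profile directory'
        }
        if (-not (Test-Path -LiteralPath $path)) {
            $reasons += 'authorized executable no longer exists on disk'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Path        = $path
                Scope       = $scope
                State       = $state
                Description = $desc
                Reason      = ($reasons -join '; ')
            }
        }
    }
}

Get-SuspiciousFirewallAuthorizations | Format-Table -AutoSize
```

Any flagged entry should be compared against the qd.ini file indicator listed above before the authorization is removed and the referenced executable is submitted for analysis.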

Last update 09 October 2013
