Home / malwarePDF  

Backdoor:Win32/Zegost.BD


First posted on 26 November 2013.
Source: Microsoft

Aliases :

There are no other names known for Backdoor:Win32/Zegost.BD.

Explanation :

Threat behavior Backdoor:Win32/Zegost.BD is a trojan that allows unauthorized access and control of an affected computer.

Installation

When it runs, Backdoor:Win32/Zegost.BD copies itself to %windir%\068be3c7\svchsot.exe. The malware modifies the following registry entry so that it runs each time you start your PC:

Adds value: "068BE3C7"
With data: "c:\windows\068be3c7\svchsot.exe"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run The malware creates the following files on your computer:

  • %windir%\tasks\at10.job
  • %windir%\tasks\at11.job
  • %windir%\tasks\at12.job
  • %windir%\tasks\at13.job
  • %windir%\tasks\at14.job
  • %windir%\tasks\at15.job
  • %windir%\tasks\at16.job
  • %windir%\tasks\at17.job
  • %windir%\tasks\at18.job
  • %windir%\tasks\at19.job
  • %windir%\tasks\at20.job
  • %windir%\tasks\at21.job
  • %windir%\tasks\at22.job
  • %windir%\tasks\at23.job
  • %windir%\tasks\at24.job
  • %windir%\tasks\at7.job
  • %windir%\tasks\at8.job
  • %windir%\tasks\at9.job


Payload

Allows backdoor access and control
Backdoor:Win32/Zegost.BD allows unauthorized access and control of your PC. A hacker can perform a number of different actions, including:
  • Downloading and runnning files
  • Uploading files
  • Spreading to other computers
  • Logging your keystrokes or stealing your sensitive data
  • Modifying your system settings
  • Running or terminating applications
  • Deleting files

This malware description was produced and published using our automated analysis system's examination of file SHA1 86d565b9efa9f5bfe1053e435db343d3a4cb5993.Symptoms

System changes

The following could indicate that you have this threat on your PC:

  • The presence of the following files:

%windir%\068be3c7\svchsot.exe
%windir%\tasks\at10.job
%windir%\tasks\at11.job
%windir%\tasks\at12.job
%windir%\tasks\at13.job
%windir%\tasks\at14.job
%windir%\tasks\at15.job
%windir%\tasks\at16.job
%windir%\tasks\at17.job
%windir%\tasks\at18.job
%windir%\tasks\at19.job
%windir%\tasks\at20.job
%windir%\tasks\at21.job
%windir%\tasks\at22.job
%windir%\tasks\at23.job
%windir%\tasks\at24.job
%windir%\tasks\at7.job
%windir%\tasks\at8.job
%windir%\tasks\at9.job
  • You see these entries or keys in your registry:
Adds value: "068BE3C7"
With data: "c:\windows\068be3c7\svchsot.exe"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Last update 26 November 2013

 

TOP

Malware :

Family: