Backdoor.IRC.Azbot
First posted on 02 December 2014.
Source: Symantec
Aliases :
There are no other names known for Backdoor.IRC.Azbot.
Explanation :
The Trojan may arrive as a self-extracting RAR archive.
When the Trojan is executed, it creates the following files:
%System%/vga.exe
%System%/mswinsck.ocx
The Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"VideoDriver" = "%SYSTEM%\vga.exe"
The Trojan is an IRC bot and connects to the following remote location:
209.54.57.97 on port 7777 (joins #x1 channel)
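A triage check for the persistence entry and the remote location listed above, run over `reg query` and `netstat -ano` text output (an added example, not part of the original write-up). The function names, the default system folder and the sample output are assumptions constructed for illustration.

```python
import re

# Indicators from the write-up above.
RUN_VALUE = "videodriver"
DROPPED_EXE = "vga.exe"
C2 = ("209.54.57.97", "7777")

_REG_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def _norm(path, system_dir):
    """Lower-case a path and expand common spellings of the system folder."""
    p = path.strip().strip('"').lower().replace("/", "\\")
    for var in ("%system%", "%systemroot%\\system32", "%windir%\\system32"):
        p = p.replace(var, system_dir.lower())
    return p

def run_key_hits(reg_query_text, system_dir=r"C:\Windows\System32"):
    """Return (name, data) for Run values matching by value name or by target."""
    target = system_dir.lower() + "\\" + DROPPED_EXE
    hits = []
    for line in reg_query_text.splitlines():
        m = _REG_LINE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(3).strip()
        if name.lower() == RUN_VALUE or _norm(data, system_dir) == target:
            hits.append((name, data))
    return hits

def c2_hits(netstat_text):
    """Return (local, state, pid) for TCP rows whose remote end is the listed host and port."""
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[0] == "TCP":
            if tuple(parts[2].rpartition(":")[::2]) == C2:
                hits.append((parts[1], parts[3], parts[4]))
    return hits

# Constructed sample output, not captured from a real host.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VideoDriver    REG_SZ    C:\Windows\System32\vga.exe
"""
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:49701         198.51.100.7:443       ESTABLISHED     1188
  TCP    10.0.0.5:49712         209.54.57.97:7777      ESTABLISHED     4312
"""

if __name__ == "__main__":
    print(run_key_hits(SAMPLE_REG), c2_hits(SAMPLE_NETSTAT))
```

Matching on the target path as well as the value name still catches the entry if the value has been renamed.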
The Trojan may then perform the following actions:
Keylogging
Create or remove directories
Execute a program
Terminate the Trojan
Execute IRC commands (e.g. kick, ban, op)
Last update 02 December 2014