SecurityHome.eu Backdoor:Win32/Wkysol.B

Home / malware PDF

Backdoor:Win32/Wkysol.B

First posted on 07 January 2012.
Source: Microsoft
Aliases :
Backdoor:Win32/Wkysol.B is also known as Backdoor/Win32/CSon (AhnLab), TR/Wisp.32768.A.2 (Avira), BackDoor.Terapy.3 (Dr.Web), Trojan.Win32.Wisp (Ikarus), Backdoor.Win32.Sykipot.bm (Kaspersky).
Explanation :
Backdoor:Win32/Wkysol.B is a trojan that communicates with a remote server to allow remote access and control of an affected computer.
Top

Backdoor:Win32/Wkysol.B is a trojan that communicates with a remote server to allow remote access and control of an affected computer.

Installation
This trojan component is installed by variants of Win32/Wkysol and is a known component the following malware:

Backdoor:Win32/Wkysol.A

Backdoor:Win32/Wkysol.C

Backdoor:Win32/Wkysol.D

Backdoor:Win32/Wkysol.E

Backdoor:Win32/Wkysol.F
This malware is injected into the following processes:

outlook.exe - Microsoft Outlook email application

iexplorer.exe - Microsoft Internet Explorer web browser

firefox.exe - Mozilla Firefox web browser

Payload
Downloads component updatesAt the start of execution, Backdoor:Win32/Wkysol.B updates the following components in the system by connecting to the domain "racingfax.com" and downloading files:

%TEMP%\gfaxm.dat

%TEMP%\pfaxm.dat

%TEMP%\tgfaxm.dat

%TEMP%\tpfaxm.dat
Allows remote access and control Backdoor:Win32/Wkysol.B allows a remote attacker to perform the following actions against an affected computer:

Change the port number of the terminal server

Run a file or application

Delete a file

Create a command shell

Run or terminate a process

Reboot the computer

Analysis by Patrick Estavillo
Last update 07 January 2012

TOP

Malware :

Last 20

Backdoor:Win32/Wkysol.B

Aliases :

Explanation :

Malware :

Family: