
Backdoor:Win32/Havex.B!dha


First posted on 22 May 2019.
Source: Microsoft

Aliases:

There are no other names known for Backdoor:Win32/Havex.B!dha.

Explanation:

Installation

The threat copies itself to svcprocess044.dll.

The malware changes the following registry entry so that it runs each time you start your PC:

In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "svcprocess"
With data: "rundll32 "c:\windows\system32\svcprocess044.dll", rundllentry"

The malware creates the following file on your PC:

c:\documents and settings\administrator\local settings\temp\qln.dbx

The malware uses code injection to make it harder to detect and remove. It can inject code into running processes, including the following:

explorer.exe

Payload

Allows backdoor access and control

This threat gives a hacker access and control of your PC. They can then perform a number of different actions, including:

Downloading and running files
Uploading files
Spreading malware to other PCs
Logging your keystrokes or stealing your sensitive data
Modifying your system settings
Running or stopping applications
Deleting files

This malware description was produced and published using automated analysis of file SHA1 9f19c2ffd46603aac7e82a6c6f86d4fcc56b1d2d.

Last update 22 May 2019