
Backdoor.Spedear


First posted on 28 July 2015.
Source: Symantec

Aliases:

There are no other names known for Backdoor.Spedear.

Explanation:

The Trojan may be dropped by other malware.

Once executed, the Trojan creates the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\nsct
The Trojan then opens a back door on the compromised computer, and may connect to one or more of the following remote locations:
122.9.247.216
118.193.201.97
202.133.23.169
104.149.93.200
The Trojan may then perform the following actions:
End processes
Get list of services
Start and stop services
Get free disk space for available drives
List files inside a specified path
Read, write, and execute files
Open a command shell
Act as a proxy server
The Trojan may also read and then delete the following files:
%System%\d3d528n.dll
%AllUsersProfile%\Application Data\IconCache.db
%AllUsersProfile%\Application Data\IconCache.ini
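As an added host-triage check (example code, not part of the Symantec write-up), the following PowerShell looks for the indicators listed above on a single Windows host. It assumes %System% maps to %SystemRoot%\System32, that the registry key of a 32-bit sample may be redirected under Wow6432Node on 64-bit Windows, and that Get-NetTCPConnection is available (Windows 8 / Server 2012 or later).

```powershell
# Triage checks for the Backdoor.Spedear indicators in the write-up above.
# Added example; indicator values come from the write-up, the script does not remediate.
# Run from an elevated PowerShell prompt on the suspect host.

$RegKeys = @(
    'HKLM:\SOFTWARE\Microsoft\nsct',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\nsct'   # assumption: 32-bit sample on x64
)
$C2Hosts = @('122.9.247.216', '118.193.201.97', '202.133.23.169', '104.149.93.200')
$Files = @(
    "$env:SystemRoot\System32\d3d528n.dll",       # %System% assumed to be System32
    "$env:ALLUSERSPROFILE\Application Data\IconCache.db",
    "$env:ALLUSERSPROFILE\Application Data\IconCache.ini"
)

$findings = @()

# 1. Registry subkey created when the Trojan runs
foreach ($k in $RegKeys) {
    if (Test-Path -LiteralPath $k) { $findings += "Registry subkey present: $k" }
}

# 2. Files the Trojan reads and then deletes. Because they are deleted after
#    use, absence does not clear the host; presence is a strong indicator.
foreach ($f in $Files) {
    if (Test-Path -LiteralPath $f) {
        $item = Get-Item -LiteralPath $f -Force
        $findings += "File present: $f (last written $($item.LastWriteTime))"
    }
}

# 3. Live TCP connections to the listed remote locations (back door / proxy traffic)
$conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $C2Hosts -contains $_.RemoteAddress }
foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $findings += "Connection to $($c.RemoteAddress):$($c.RemotePort) " +
                 "from PID $($c.OwningProcess) ($($proc.ProcessName))"
}

if ($findings.Count -eq 0) {
    Write-Output 'No Backdoor.Spedear indicators found on this host.'
} else {
    Write-Warning 'Backdoor.Spedear indicators found:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

Historical network connections will not appear in Get-NetTCPConnection; check proxy or firewall logs for the same four addresses to cover activity that has already ended.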

Last update 28 July 2015
