
HackTool:WinNT/Tcpz.C


First posted on 09 August 2011.
Source: SecurityHome

Aliases:

HackTool:WinNT/Tcpz.C is also known as Tool.TcpZ (Dr.Web), Win32/TCPZ.D application (ESET), TCP-Z TCP Patch and Monitor (Sophos), Hacktool.Rootkit (Symantec).

Explanation:

HackTool:WinNT/Tcpz.C is a device driver that modifies the Windows TCP/IP stack device driver to change the concurrent TCP connection attempts limit.




Payload

Modifies system settings
HackTool:WinNT/Tcpz.C modifies the file "tcpip.sys" in memory to increase the default concurrent TCP connection attempts limit.

Additional Information

In the wild, we have observed HackTool:WinNT/Tcpz.C being installed onto affected computers by Trojan:Win32/Nitol.A.



Analysis by Marianne Mallen

Last update 09 August 2011

 
