SecurityHome.eu Backdoor:Win32/Zegost.C

Home / malware PDF

Backdoor:Win32/Zegost.C

First posted on 25 July 2015.
Source: Microsoft
Aliases :
There are no other names known for Backdoor:Win32/Zegost.C.
Explanation :
Threat behavior

Installation

This threat is a DLL module that can be injected into clean processes.

It is usually installed and run by other Zegost variants.

Payload

Contacts a remote host

We have seen this threat connect to the following servers:

girlfriend..org on TCP port 9999

phile..org on TCP port 9001

softjohn..us on TCP port 2106

Once connected, the malware can allow a malicious hacker to perform any number of different actions on your PC, including:

Downloading and running files

Logging and recording your keystrokes

Capturing screen shots

Recording audio

Opening a remote command shell

Analysis by Jeong Mun

Symptoms

Alerts from your security software might be the only symptom.

Last update 25 July 2015

TOP

Malware :

Dridex
Shamoon 2
Hitler-Ransomware
Trojan.Win32.Vicepass.A
ButterflyBot.A

Last 20

Family:

Backdoor:Win32/Zegost.CK
Backdoor:Win32/Zegost.DS
Backdoor:Win32/Zegost.DB
Backdoor:Win32/Zegost.CG
Backdoor:Win32/Zegost.CN
Backdoor:Win32/Zegost.CZ
Backdoor:Win32/Zegost.DQ
Backdoor:Win32/Zegost.C
Backdoor:Win32/Zegost.CR
Backdoor:Win32/Zegost.DT