Backdoor.Remexi
First posted on 10 November 2015.
Source: Symantec
Aliases:
There are no other names known for Backdoor.Remexi.
Explanation:
The Trojan can be installed by the user or by other malware.
Once executed, the Trojan creates the following files:
%System%\sea.dll
%Temp%\WIN[RANDOM FILE NAME].tmp
Next, it creates the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SEA
The Trojan then opens a back door on the compromised computer and connects to the following remote location:
5.39.44.16:443
Note: The remote location is configurable and may change.
The Trojan may then perform malicious activities on the compromised computer.
Last update 10 November 2015