Backdoor.Lokidok
First posted on 28 March 2014.
Source: Symantec
Aliases:
There are no other names known for Backdoor.Lokidok.
Explanation:
When the Trojan is executed, it creates the following files:
%System%\cvpnd.exe
%System%\scardsrv.exe
Next, the Trojan modifies the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\irmon\Parameters\"ServiceDll" = "[THREAT FILE PATH]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc\Parameters\"ServiceDll" = "[THREAT FILE PATH]"
The Trojan may then perform the following actions:
Monitor the network for specially crafted ICMP packets
Decrypt data from ICMP packets and use it as a parameter for running %System%\cmd.exe
Encrypt data and send it to the IP address that sent the ICMP packets

Last update 28 March 2014
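
A read-only host check for the file and registry indicators listed above, written as an added PowerShell example (not Symantec's code). It assumes %System% means the Windows System32 folder, and it treats a missing or unsigned ServiceDll target as a reason for manual review, not as proof of infection.

```powershell
# Added triage example (not vendor code). Read-only: nothing on the host is changed.
$system   = [Environment]::GetFolderPath('System')   # assumed meaning of %System%
$dropped  = 'cvpnd.exe', 'scardsrv.exe'              # files named in the write-up
$services = 'irmon', 'helpsvc'                       # services whose ServiceDll is modified
$findings = @()

# 1. Files the Trojan is reported to create in %System%.
foreach ($name in $dropped) {
    $path = Join-Path $system $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $findings += [pscustomobject]@{
            Check  = 'File present'
            Target = $path
            Detail = 'SHA256 ' + (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

# 2. ServiceDll values for the two services named in the write-up.
foreach ($svc in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
    $dll = (Get-ItemProperty -LiteralPath $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if (-not $dll) { continue }                      # service or value not present
    $dll = [Environment]::ExpandEnvironmentVariables($dll)

    $reasons = @()
    if ($dropped -contains (Split-Path $dll -Leaf)) {
        $reasons += 'points at a file name from the write-up'
    }
    if (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
        $reasons += 'target file is missing'
    } else {
        $sig = Get-AuthenticodeSignature -LiteralPath $dll
        if ($sig.Status -ne 'Valid') { $reasons += "signature status: $($sig.Status)" }
    }
    if ($reasons) {
        $findings += [pscustomobject]@{
            Check  = "ServiceDll ($svc)"
            Target = $dll
            Detail = $reasons -join '; '
        }
    }
}

if ($findings) { $findings | Format-List } else { 'No Backdoor.Lokidok indicators from this write-up were found.' }
```

Depending on the Windows and PowerShell version, catalog-signed system DLLs can be reported as NotSigned, so compare any flagged ServiceDll value with a known-clean host of the same build.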