Backdoor:Win32/Homutex.A.dll
First posted on 06 July 2010.
Source: SecurityHome
Aliases :
Backdoor:Win32/Homutex.A.dll is also known as Win-Trojan/Jexprox.19456.B (AhnLab), W32/Trojan.DNV (Authentium (Command)), Trojan-Downloader.Win32.Jexprox.a (Kaspersky), W32/DLoader.APPJ (Norman), Trojan.Downloader.Jexprox.A (BitDefender), Trojan.DownLoad1.44740 (Dr.Web), Win32/TrojanDownloader.Jexprox.A (ESET), BackDoor-CZX (McAfee), Backdoor.Homutex (Symantec), BKDR_HOMUTEX.B (Trend Micro).
Explanation :
Backdoor:Win32/Homutex.A.dll is a malicious Windows Sockets 2 transport service provider backdoor trojan.
Installation
Backdoor:Win32/Homutex.A.dll is installed by TrojanDropper:Win32/Homutex.A as the following file:
<system folder>\abcedg.dll
Note: <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.

Payload
Allows backdoor access and control
Backdoor:Win32/Homutex.A.dll may contact a remote website (218.57.142.211) and do the following actions:
- Read/write files
- Download/run files
- Get drive/files information
- Create/remove folders
- Open a command shell backdoor
- Get screenshots
- Get Microsoft Windows version
Analysis by Jireh Sanico
Last update 06 July 2010
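Because the backdoor is a Winsock 2 transport service provider, its DLL should appear as a provider path in the Winsock catalog. The following triage check is an added example, not part of the original write-up: it parses saved `netsh winsock show catalog` output and flags the `abcedg.dll` file name from this page, plus any provider DLL outside a baseline. The sample catalog text, entry IDs, third-party path and the baseline set are constructed assumptions.

```python
import ntpath

HOMUTEX_DLL = "abcedg.dll"        # file name given on this page
BASELINE_DLLS = {"mswsock.dll"}   # assumption: stock Microsoft provider; extend per fleet

# Constructed sample in the layout printed by `netsh winsock show catalog`.
# Descriptions, entry IDs and the third-party path are made up for illustration.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Description:                        constructed-description
Provider Path:                      C:\Windows\System32\abcedg.dll
Catalog Entry ID:                   1015

Winsock Catalog Provider Entry
------------------------------------------------------
Description:                        constructed third-party provider
Provider Path:                      C:\Program Files\ExampleVendor\examplelsp.dll
Catalog Entry ID:                   1020
"""

def parse_catalog(text):
    """Return one dict of 'Field: value' pairs per catalog entry."""
    entries = []
    for line in text.splitlines():
        if line.strip() == "Winsock Catalog Provider Entry":
            entries.append({})
        elif ":" in line and entries:
            key, _, value = line.partition(":")  # first colon only, so C:\ paths survive
            entries[-1][key.strip()] = value.strip()
    return entries

def review(entries):
    """Flag the Homutex file name and any provider DLL outside the baseline."""
    findings = []
    for e in entries:
        path = e.get("Provider Path", "")
        dll = ntpath.basename(path).lower()  # ntpath handles backslashes on any OS
        if dll == HOMUTEX_DLL:
            findings.append(("homutex-filename", e.get("Catalog Entry ID"), path))
        elif dll not in BASELINE_DLLS:
            findings.append(("not-in-baseline", e.get("Catalog Entry ID"), path))
    return findings
```

A `not-in-baseline` hit only means the provider needs review, since legitimate third-party software also installs layered providers; a file-name match should be confirmed against the file itself before remediation.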