
Backdoor:Win32/Homutex.A.dll


First posted on 06 July 2010.
Source: SecurityHome

Aliases :

Backdoor:Win32/Homutex.A.dll is also known as Win-Trojan/Jexprox.19456.B (AhnLab), W32/Trojan.DNV (Authentium (Command)), Trojan-Downloader.Win32.Jexprox.a (Kaspersky), W32/DLoader.APPJ (Norman), Trojan.Downloader.Jexprox.A (BitDefender), Trojan.DownLoad1.44740 (Dr.Web), Win32/TrojanDownloader.Jexprox.A (ESET), BackDoor-CZX (McAfee), Backdoor.Homutex (Symantec), BKDR_HOMUTEX.B (Trend Micro).

Explanation :

Backdoor:Win32/Homutex.A.dll is a malicious Windows Sockets 2 transport service provider backdoor trojan.

Installation :

Backdoor:Win32/Homutex.A.dll is installed by TrojanDropper:Win32/Homutex.A as the following file:

  • <system folder>\abcedg.dll

Note: <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.

Payload :

Allows backdoor access and control

Backdoor:Win32/Homutex.A.dll may contact a remote website (218.57.142.211) and do the following actions:

  • Read/write files
  • Download/run files
  • Get drive/files information
  • Create/remove folders
  • Open a command shell backdoor
  • Get screenshots
  • Get Microsoft Windows version
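
A defender-side check for the installation described above, as an added example that is not part of the original write-up: it parses saved `netsh winsock show catalog` output and flags provider DLLs that fall outside a known-good baseline. It assumes the backdoor DLL is registered in the Winsock catalog, as transport service providers are; the sample output, the baseline set and the function names are constructed for illustration.

```python
import ntpath
import re

# Assumed baseline of provider DLLs expected on a clean host (normalized, lowercase).
# Extend it from a known-good machine of the same Windows build.
KNOWN_PROVIDERS = {r"c:\windows\system32\mswsock.dll"}

# Constructed sample in the layout of `netsh winsock show catalog`; not from a real host.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        (constructed entry)
Provider Path:                      C:\Windows\System32\abcedg.dll
Catalog Entry ID:                   1015
"""

def parse_catalog(text):
    """Return one dict of 'Key: value' fields per catalog entry."""
    entries = []
    # Every entry starts with a line ending in "Provider Entry".
    for block in re.split(r"^.*Provider Entry[ \t]*$", text, flags=re.M)[1:]:
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only, so C:\ survives
            if sep and value.strip():
                fields[key.strip()] = value.strip()
        entries.append(fields)
    return entries

def normalize(path, system_root=r"C:\Windows"):
    """Expand %SystemRoot% and lowercase so paths compare reliably."""
    expanded = re.sub(r"%systemroot%", lambda m: system_root, path, flags=re.I)
    return ntpath.normpath(expanded).lower()

def unexpected_providers(entries, known=KNOWN_PROVIDERS):
    """List (catalog entry ID, provider path) for DLLs not in the baseline."""
    return [(e.get("Catalog Entry ID"), e["Provider Path"])
            for e in entries
            if "Provider Path" in e and normalize(e["Provider Path"]) not in known]

if __name__ == "__main__":
    for entry_id, path in unexpected_providers(parse_catalog(SAMPLE)):
        print(f"unexpected Winsock provider (entry {entry_id}): {path}")
```

Comparing the full normalized path rather than the file name alone means a look-alike DLL placed in another folder is also flagged.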


Analysis by Jireh Sanico

Last update 06 July 2010

     
