Backdoor.Voldat
First posted on 20 November 2015.
Source: Symantec
Aliases:
There are no other names known for Backdoor.Voldat.
Explanation:
When this Trojan is executed, it creates the following file:
    %AppData%\Roaming\Microsoft\MMC\MMC.exe

The Trojan then creates the following registry entry so that it runs every time Windows starts:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"MMC" = "%AppData%\Roaming\Microsoft\MMC\MMC.exe /s"

Next, the Trojan opens a back door on the compromised computer and connects to the following remote locations:
    [http://]tzz.exemail.net/[RANDOM C[REMOVED]
    [https://]tzz.exemail.net/[RANDOM C[REMOVED]

The Trojan then performs the following actions:
    Modify and upload files
    List local drives
    Download remote files
    Shut down or restart the computer
    Execute piped commands

Last update 20 November 2015
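A check for the persistence entry described above, added here as an example and not taken from Symantec's write-up: it parses `reg query` output for the HKCU Run key and flags the value this page names. It also goes beyond the page by flagging any Run entry that launches mmc.exe from outside System32 or SysWOW64, where the genuine Microsoft Management Console binary resides. The sample output, function names and finding labels are constructed for illustration.

```python
import ntpath
import re

# Constructed sample of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` output.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    MMC    REG_SZ    C:\Users\alice\AppData\Roaming\Microsoft\MMC\MMC.exe /s
    Console    REG_EXPAND_SZ    %SystemRoot%\System32\mmc.exe
"""

# One value line of reg query output: four spaces, name, type, data.
ENTRY = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")
# Executable part of a Run command: quoted path, unquoted path up to ".exe", or first token.
EXE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe)(?=\s|$)|(\S+))', re.I)

PAGE_VALUE_NAME = "mmc"                     # value name given on this page
PAGE_PATH_TAIL = r"\microsoft\mmc\mmc.exe"  # tail of the dropped file path on this page
SYSTEM_DIRS = (r"\system32", r"\syswow64")  # where the genuine mmc.exe resides


def image_path(data):
    """Return the executable path from a Run value, without its arguments."""
    m = EXE.match(data)
    return next(g for g in m.groups() if g) if m else ""


def findings(reg_query_text):
    """Return [(value_name, [reasons])] for suspicious Run entries."""
    hits = []
    for line in reg_query_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # key header or blank line
        path = image_path(m["data"]).lower()
        reasons = []
        if m["name"].lower() == PAGE_VALUE_NAME and path.endswith(PAGE_PATH_TAIL):
            reasons.append("matches-page-entry")
        # Generalisation beyond the page: mmc.exe launched from a non-system directory.
        if ntpath.basename(path) == "mmc.exe" and not ntpath.dirname(path).endswith(SYSTEM_DIRS):
            reasons.append("mmc-outside-system32")
        if reasons:
            hits.append((m["name"], reasons))
    return hits


if __name__ == "__main__":
    for name, reasons in findings(SAMPLE):
        print(name, ", ".join(reasons))
```
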