Backdoor:Win64/Diovule.A
First posted on 29 August 2017.
Source: Microsoft
Aliases:
There are no other names known for Backdoor:Win64/Diovule.A.
Explanation:
Arrival
This malicious DLL module for Internet Information Service (IIS) may be dropped or downloaded by other malware.
We have seen this threat use the filename HttpModule.dll.
Payload
Allows backdoor access and control
This threat gives an attacker the ability to remotely control a compromised server and execute commands on it.
It waits for commands from a remote attacker by monitoring HTTP requests sent to the IIS server. It can allow the attacker to perform a number of actions, including:
- Execute cmd commands
- Upload a file, download a file
- Start new process
- Intercept HTTP traffic
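
A defensive check for the kind of module described above, as an added example that is not part of the original write-up: assuming the DLL is registered as a native IIS module, it parses the `<globalModules>` section of applicationHost.config and lists entries to review. The sample config, the module name `ExampleHelper`, its path and the trusted-directory rule are assumptions made for illustration; only the file name HttpModule.dll comes from this page.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample of the <globalModules> section of applicationHost.config.
# "ExampleHelper" and its C:\ProgramData path are made up for illustration.
SAMPLE_CONFIG = r"""
<configuration>
  <system.webServer>
    <globalModules>
      <add name="UriCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="ExampleHelper" image="C:\ProgramData\example\HttpModule.dll" preCondition="bitness64" />
    </globalModules>
  </system.webServer>
</configuration>
"""

# Directory holding the modules shipped with IIS (assumption: default install).
TRUSTED_DIRS = (r"%windir%\system32\inetsrv",)
# File name reported on this page for the backdoor module.
REPORTED_NAMES = {"httpmodule.dll"}


def audit_global_modules(config_xml):
    """Return (name, image, reasons) for each native module worth reviewing."""
    findings = []
    root = ET.fromstring(config_xml)
    for section in root.iter("globalModules"):
        for add in section.findall("add"):
            name = add.get("name", "")
            image = add.get("image", "")
            # ntpath splits backslash paths correctly on any OS.
            directory, filename = ntpath.split(image)
            reasons = []
            if filename.lower() in REPORTED_NAMES:
                reasons.append("file name matches the reported sample")
            if directory.lower() not in TRUSTED_DIRS:
                reasons.append("image outside the default IIS module directory")
            if reasons:
                findings.append((name, image, reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in audit_global_modules(SAMPLE_CONFIG):
        print(f"REVIEW {name}: {image} ({'; '.join(reasons)})")
```

A hit is a candidate for review, not a verdict: legitimate third-party modules also load from other directories, and a file in the default directory still needs its signature checked.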
Analysis by Jonathan San Jose
Last update 29 August 2017