Backdoor:MSIL/Noancooe.C
First posted on 15 February 2019.
Source: Microsoft
Aliases:
There are no other names known for Backdoor:MSIL/Noancooe.C.
Explanation:
This threat can create files on your PC, including:
%ProgramFiles%\scsi manager\scsimgr.exe
It modifies the registry so that it runs each time you start your PC. For example:
In subkey: HKLM\software\microsoft\windows\currentversion\run
Sets value: "SCSI Manager"
With data: "%ProgramFiles%\scsi manager\scsimgr.exe"
Payload
Allows backdoor access and control
The malware gives a hacker access and control of your PC. They can then perform a number of different actions, including:
Downloading and running files
Uploading files
Spreading malware to other PCs
Logging your keystrokes or stealing your sensitive data
Modifying your system settings
Running or stopping applications
Deleting files
Connects to a remote host
We have seen this threat connect to a remote host, including:
zooge.no-ip.biz using port 9033
Malware can connect to a remote host to:
Check for an Internet connection.
Download and run files (including updates or other malware).
Report a new infection to its author.
Receive configuration or other data.
Receive instructions from a malicious hacker.
Search for your PC location.
Upload information taken from your PC.
Validate a digital certificate.
Additional information
This threat can create a mutex on your PC. For example:
Global\{614d2f32-e577-4b66-96e2-2c17c695b40c}
It might use this mutex as an infection marker to prevent more than one copy of the threat running on your PC.
This malware description was published using automated analysis of file SHA1 015dde4cd4cbc957f2d581b7d1d81b6efa661a30.
Last update 15 February 2019