Home / malwarePDF  

Tool:Win32/Pipecmd.B


First posted on 14 March 2012.
Source: Microsoft

Aliases :

Tool:Win32/Pipecmd.B is also known as Logger.EKO (AVG), not-a-virus:Monitor.Win32.ActivityMonitor.38 (Kaspersky), Application/ActivityMon (Panda).

Explanation :

Tool:Win32/Pipecmd.B is a detection for a tool that allows an attacker to run commands with SYSTEM privileges from a local or remote machine. It is installed as a system service and communicates with other malware over the named pipe.
Top

Tool:Win32/Pipecmd.B is a detection for a tool that allows an attacker to run commands with SYSTEM privileges from a local or remote machine. It is installed as a system service and communicates with other malware over the named pipe. Installation Tool:Win32/Pipecmd.B may be installed by Tool:Win32/Pipecmd.A and dropped to the following location: <system folder>\xCmdSvc.exe Tool:Win32/Pipecmd.B may be present as a system service named "xCmdSvc". Payload Allows backdoor access and control Tool:Win32/Pipecmd.B attempts to create a named pipe "\\.\pipe\xCmd_communicaton" and awaits connection from an attacker. The connection can be from a local or remote computer. Tool:Win32/Pipecmd.B receives commands from the named pipe and launches 'cmd.exe' to execute commands with SYSTEM privileges. Win32/Pipecmd.B unloads and deletes the installed service after executing the received commands.

Analysis by Shawn Wang

Last update 14 March 2012

 

TOP

Malware :