Backdoor:Win32/Zegost.X
First posted on 03 July 2012.
Source: Microsoft
Aliases:
Backdoor:Win32/Zegost.X is also known as BDS/Zegost.X.74 (Avira), Gen:Variant.Graftor.984 (BitDefender), BackDoor.Storm.6 (Dr.Web), Win32/Farfli.LJ trojan (ESET), BackDoor-FADV!01B66B98EAEC (McAfee), BACKDOOR.Trojan (Symantec).
Explanation:
Backdoor:Win32/Zegost.X is the DLL component of the Zegost malware family. It is usually installed on your computer by other variants of Zegost, such as Backdoor:Win32/Zegost.AD.
Backdoor:Win32/Zegost.X may have the following file name:
%Temp%\kbdmgr.dll
In the wild, we have observed Backdoor:Win32/Zegost.X being dropped and injected into the "explorer.exe" process by Backdoor:Win32/Zegost.AD.
Payload
Allows backdoor access and control
Backdoor:Win32/Zegost.X allows an unauthorized user to gain access and control of your computer. It may connect to the following servers:
- 120.50.35.60
- 61.178.77.106
- 61.178.77.169
- 61.234.4.200
- luck201202.oicp.net
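The two observable behaviours described on this page (the kbdmgr.dll DLL being loaded into explorer.exe, and connections to the listed servers) can be turned into a simple host-telemetry triage check. The script below is an added example, not Microsoft's code; it assumes Sysmon-like ImageLoad and NetworkConnect events already flattened into key/value records, and the sample events are constructed, not real telemetry.

```python
import ntpath
from typing import Dict, List, Tuple

# Indicators taken from the advisory above (C2 servers, dropped DLL, host process).
ZEGOST_C2 = {
    "120.50.35.60",
    "61.178.77.106",
    "61.178.77.169",
    "61.234.4.200",
    "luck201202.oicp.net",
}
DROPPED_DLL = "kbdmgr.dll"
INJECTED_INTO = "explorer.exe"

def match_event(ev: Dict[str, str]) -> List[str]:
    """Return the reasons an event matches Zegost.X behaviour, or [] if it is clean."""
    hits: List[str] = []
    image = ntpath.basename(ev.get("Image", "")).lower()
    if ev.get("EventType") == "ImageLoad":
        loaded = ev.get("ImageLoaded", "")
        # The advisory names %Temp%\kbdmgr.dll injected into explorer.exe; flag any load
        # of that DLL into explorer.exe and report the path so an analyst can confirm it.
        if ntpath.basename(loaded).lower() == DROPPED_DLL and image == INJECTED_INTO:
            hits.append(f"{DROPPED_DLL} loaded into {INJECTED_INTO} from {loaded}")
    elif ev.get("EventType") == "NetworkConnect":
        dest = ev.get("DestinationIp", "")
        host = ev.get("DestinationHostname", "").lower().rstrip(".")
        # Match on either the resolved name or the raw IP, since the dynamic-DNS
        # host may resolve to an address that is not in the list.
        if dest in ZEGOST_C2 or host in ZEGOST_C2:
            hits.append(f"{image} connected to Zegost C2 {host or dest}")
    return hits

def triage(events: List[Dict[str, str]]) -> List[Tuple[int, str]]:
    """Run match_event over a batch and return (event index, reason) pairs."""
    return [(i, r) for i, ev in enumerate(events) for r in match_event(ev)]

# Constructed sample events (hypothetical, not captured telemetry).
SAMPLE_EVENTS = [
    {"EventType": "ImageLoad", "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\kbdmgr.dll"},
    {"EventType": "ImageLoad", "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\shell32.dll"},
    {"EventType": "NetworkConnect", "Image": r"C:\Windows\explorer.exe",
     "DestinationIp": "61.178.77.106", "DestinationHostname": ""},
    {"EventType": "NetworkConnect", "Image": r"C:\Windows\explorer.exe",
     "DestinationIp": "203.0.113.7", "DestinationHostname": "luck201202.oicp.net"},
    {"EventType": "NetworkConnect", "Image": r"C:\Program Files\Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationHostname": "example.com"},
]

if __name__ == "__main__":
    for idx, reason in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```

Running it against the sample batch flags events 0, 2 and 3 and leaves the legitimate shell32.dll load and the browser connection alone.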
Once connected, the unauthorized user can perform any number of different actions on your computer using Backdoor:Win32/Zegost.X. These could include, but are not limited to, the following:
- Downloading and running arbitrary files
- Uploading files
- Logging keystrokes and stealing sensitive data
- Getting information about your computer
- Capturing what's on your screen
- Running or stopping programs
- Deleting files
Analysis by Elda Dimakiling
Last update 03 July 2012