SecurityHome.eu Trojan.Backtar

Home / malware PDF

Trojan.Backtar

First posted on 04 February 2015.
Source: Symantec
Aliases :
There are no other names known for Trojan.Backtar.
Explanation :
Once executed, the Trojan creates the following file:
%ProgramFiles%\Google\Google Update.exe
The Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"GoogleUpdate" = "%ProgramFiles%\Google\Google Update.exe"
Next, the Trojan modifies the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" = "%System%\userinit.exe,%ProgramFiles%\Google\Google Update.exe"
The Trojan contains an encrypted copy of Backdoor.Breut, this is executed by decrypting the code and loading it into memory.
Last update 04 February 2015

TOP

Malware :

RATDispenser
Raspberry Robin
ObliqueRAT
DoppelPaymer
Dridex

Last 20

Family:

Trojan:W32/Qhost.JE
Trojan-Downloader:HTML/Agent.DY
Trojan.Cidox!kmem
Trojan.Ransomlock!g75
Trojan.Klovbot!gen2
Trojan.Poweliks!gm
Trojan.Shylock!gen9
Trojan-Dropper:W32/Agent.CMW
Trojan-Downloader:W32/Agent.TPF
Trojan:SymbOS/Bootton.I