
Backdoor:Win32/Cycbot!cfg


First posted on 05 March 2019.
Source: Microsoft

Aliases:

There are no other names known for Backdoor:Win32/Cycbot!cfg.

Explanation:

Backdoor:Win32/Cybot.gen!cfg is the detection for a non-executable component created by members of the Backdoor:Win32/Cycbot malware family.

Installation

Backdoor:Win32/Cybot.gen!cfg is usually present as the following file:

%AppData%\microsoft\stor.cfg

It may be dropped by the main Backdoor:Win32/Cycbot component.

Payload

Stores configuration data for Cycbot

Backdoor:Win32/Cybot.gen!cfg contains configuration data for members of the Cycbot family to perform their payload. The information may include the following:

Port number to open for proxy communication

IP numbers to connect to in a pay-per-click scheme

Websites to connect to

Additional information

More information on Cycbot is available in the following pages:

Backdoor:Win32/Cycbot.A

Backdoor:Win32/Cycbot.B

Analysis by Mihai Calota

Last update 05 March 2019

 
