Home / malwarePDF  

PWS:Win32/Blaknight.A


First posted on 21 November 2014.
Source: Microsoft

Aliases :

There are no other names known for PWS:Win32/Blaknight.A.

Explanation :

Threat behavior

Installation
This threat can create files on your PC, including:

  • \bakjred\agmnrj.exe
  • \bakjred.url


Payload


Connects to a remote host

We have seen this threat connect to a remote host, including:
  • bot.whatismyipaddress.com using port 80
  • smtp.gmail.com using port 587
Commonly, malware does this to:
  • Check for an Internet connection.
  • Download and run files (including updates or other malware).
  • Report a new infection to its author.
  • Receive configuration or other data.
  • Receive instructions from a malicious hacker.
  • Search for your PC location.
  • Upload information taken from your PC.
  • Validate a digital certificate.


Additional information

This threat can create a mutex on your PC. For example:

  • wTIqNJCt
This malware description was published using automated analysis of file SHA1 ce8a1cb546713571f39917ca8d6d9d64bb304b3a. Symptoms

The following could indicate that you have this threat on your PC:

  • You see these files:
  • \bakjred\agmnrj.exe
  • \bakjred.url
  • You see a mutex such as:
  • wTIqNJCt

Last update 21 November 2014

 

TOP

Malware :

Family: