Home / malwarePDF  

Backdoor:Win32/Qakbot.gen!arc2


First posted on 10 March 2019.
Source: Microsoft

Aliases :

There are no other names known for Backdoor:Win32/Qakbot.gen!arc2.

Explanation :

Backdoor:Win32/Qakbot.gen!arc2 is the generic detection for an obfuscated file that is downloaded by variants of Win32/Qakbot. This obfuscated file may either be a configuration file or an archive file containing several components of Win32/Qakbot.

Installation

This trojan component is installed by variants of Win32/Qakbot. These configuration files or archives are used by Qakbot to update and install itself, and usually contain everything necessary for Qakbot to run.

Additional Information

The obfuscation method and the archive format is unique to Qakbot. A detection of Backdoor:Win32/Qakbot.gen!arc2 is an indication that the computer is likely infected with the Qakbot backdoor trojan. For more information, see the description for the Win32/Qakbot family elsewhere in the encyclopedia.

Analysis by Jonathan San Jose

Last update 10 March 2019

 

TOP