Home / malware

PDF

Backdoor:Win32/Wekjil.A

First posted on 27 July 2010.
Source: SecurityHome

Aliases :

Backdoor:Win32/Wekjil.A is also known as BDS/Backdoor.Gen (Avira).

Explanation :

Backdoor:Win32/Wekjil.A is a trojan that allows limited remote access and control by allowing communication via an open TCP port between the affected computer and an attacker.
Top

Backdoor:Win32/Wekjil.A is a trojan that allows limited remote access and control by allowing communication via an open TCP port between the affected computer and an attacker. InstallationThis trojan may be installed by other malicious software as a service. The service is visible via the services applet in Control Panel as the following: Backdoor:Win32/Wekjil.A may be present as a file named "netcon.exe". Payload Allows limited remote access and controlWhen the trojan runs, it opens TCP port 1089 and awaits communication from a remote attacker. The trojan binds to the legitimate process "CMD.EXE" (command shell) to execute arbitrary commands.

Analysis by Andrei Florin Saygo

Last update 27 July 2010

 

TOP