
Backdoor.Remexi.B


First posted on 10 November 2015.
Source: Symantec

Aliases:

There are no other names known for Backdoor.Remexi.B.

Explanation:

The Trojan can be installed by the user or by other malware.

Once executed, the Trojan creates the following files:
%System%\mas.dll
%Temp%\WIN[RANDOM FILE NAME].tmp

Next, it creates the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SEA

The Trojan then opens a back door on the compromised computer and connects to the following remote location:
87.117.204.143

The Trojan may then perform malicious activities on the compromised computer.

Last update 10 November 2015

 
