Backdoor:MSIL/Moidirat.A
First posted on 01 July 2019.
Source: Microsoft
Aliases:
There are no other names known for Backdoor:MSIL/Moidirat.A.
Explanation:
Installation
This threat can create files on your PC, including:
- %APPDATA%programme files(x34)build15windows.exe
- windows update34build15.exe
It modifies the registry so that it runs each time you start your PC. For example:
In subkey: HKCU\software\microsoft\windows\currentversion\run
Sets value: "Sidebar(x34) Build15"
With data: "%APPDATA%programme files(x34)build15windows.exe"
Payload
We have seen this threat contact a remote host, including:
- www.download.windowsupdate.com using port 80
The malware typically does this to:
- Check for an Internet connection.
- Download and run files (including updates or other malware).
- Report a new infection to its author.
- Receive configuration or other data.
- Receive instructions from a malicious hacker.
- Search for your PC location.
- Upload information taken from your PC.
- Validate a digital certificate.
This malware description was published using automated analysis of file SHA1 8bc2c31a42ae45772165fea15162197cb6576db3.
Last update 01 July 2019