
Backdoor.Agent.AADK


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Backdoor.Agent.AADK is also known as Backdoor.Win32.Agent.adne (KAV).

Explanation :

When executed, the malware drops a driver that overwrites and loads beep.sys (a non-critical Windows driver) in the C:\Windows\system32\drivers folder. The new driver is detected as Trojan.Rootkit.GGR.
A second component (a DLL) is dropped in C:\Windows\System32 and is loaded as a service named
"MS Media Control Center" with the description "Provides support for media player. This service can't be stoped." The DLL name is T*m*t*D.dll (each "*" is a random ASCII character); it is detected as Backdoor.PCClient.TEO.
Once the service is loaded, it tries to connect over TCP to awen667788.3322.org on port 1122, sending TCP SYN (synchronization) packets and waiting for remote commands and for a new malware file, which most probably is saved as C:\1.exe (the file was unavailable at the time of this description).
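The description above gives a defender five host- and network-level indicators: an overwritten beep.sys, a service with a fixed name and description string, a DLL whose name fits T*m*t*D.dll, an outbound TCP connection to awen667788.3322.org:1122, and a possible second-stage file at C:\1.exe. The following script is an added example (not code from BitDefender or malwarePDF) that turns those indicators into a check run over an inventory snapshot of a host. The HostSnapshot layout, the hash values and the sample service, file and connection data are all constructed for the demo; a real run would fill them from EDR or inventory tooling, and the known-good beep.sys hash would come from the matching Windows build.

```python
import re
from dataclasses import dataclass

# Indicators quoted from the advisory. Everything marked "constructed" below is made up for the demo.
C2_HOST = "awen667788.3322.org"
C2_PORT = 1122
SERVICE_NAME = "MS Media Control Center"
SERVICE_DESC = "Provides support for media player. This service can't be stoped."
DROPPED_EXE = r"C:\1.exe"
# T*m*t*D.dll where each "*" is exactly one random ASCII character
DLL_NAME_RE = re.compile(r"^T.m.t.D\.dll$", re.IGNORECASE)


@dataclass
class HostSnapshot:
    """Artefacts collected from one host (assumed layout, not a real tool's format)."""
    services: dict                 # service display name -> description string
    system32_files: list           # file names present in C:\Windows\System32
    beep_sys_sha256: str           # hash of C:\Windows\system32\drivers\beep.sys on the host
    baseline_beep_sys_sha256: str  # hash of the known-good beep.sys for this Windows build
    connections: list              # (remote_host, remote_port) tuples from netstat/EDR telemetry
    root_files: list               # file names present in C:\


def is_dropped_dll_name(name: str) -> bool:
    """True when a file name fits the T*m*t*D.dll pattern from the advisory."""
    return DLL_NAME_RE.match(name) is not None


def find_indicators(snap: HostSnapshot) -> list:
    """Return a list of human-readable findings; an empty list means no indicator matched."""
    hits = []
    # 1. Overwritten beep.sys: the rootkit replaces a legitimate, rarely changed file,
    #    so an integrity mismatch against the build's baseline is the signal, not the name.
    if snap.beep_sys_sha256.lower() != snap.baseline_beep_sys_sha256.lower():
        hits.append("beep.sys hash differs from baseline (possible Trojan.Rootkit.GGR)")
    # 2. Persistence service with the hard-coded name and description.
    desc = snap.services.get(SERVICE_NAME)
    if desc is not None:
        hits.append(f"service {SERVICE_NAME!r} present")
        if desc == SERVICE_DESC:
            hits.append("service description matches the backdoor string (including the 'stoped' typo)")
    # 3. DLL in System32 whose name fits T*m*t*D.dll.
    for fname in snap.system32_files:
        if is_dropped_dll_name(fname):
            hits.append(f"System32 DLL matching T*m*t*D.dll: {fname}")
    # 4. Outbound connection to the command-and-control host and port.
    for host, port in snap.connections:
        if host.lower() == C2_HOST and port == C2_PORT:
            hits.append(f"connection to C2 {host}:{port}")
    # 5. Second-stage file dropped at C:\1.exe.
    if "1.exe" in snap.root_files:
        hits.append(f"second-stage file at {DROPPED_EXE}")
    return hits


# Constructed sample snapshot: the hash strings are placeholders, not real beep.sys digests.
SAMPLE = HostSnapshot(
    services={
        "Spooler": "Loads files to memory for later printing.",
        SERVICE_NAME: SERVICE_DESC,
    },
    system32_files=["kernel32.dll", "TamatkD.dll", "Tmtd.dll"],
    beep_sys_sha256="PLACEHOLDER_HASH_OF_HOST_BEEP_SYS",
    baseline_beep_sys_sha256="PLACEHOLDER_HASH_OF_KNOWN_GOOD_BEEP_SYS",
    connections=[("dns.example.invalid", 53), ("awen667788.3322.org", 1122)],
    root_files=["pagefile.sys", "1.exe"],
)

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE):
        print("[!]", hit)
```

The beep.sys check is the one worth keeping even after the other strings change: the file name, service name and C2 host are trivial for a later variant to alter, whereas any tampering with a signed Windows driver still shows up as a baseline mismatch. The `Tmtd.dll` decoy in the sample illustrates why the regex fixes the wildcard positions to one character each, as the advisory describes, instead of using a looser `T.*m.*t.*D` match that would flag unrelated names.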

Last update 21 November 2011

 
