Troj/Backdr-DK

Category: Viruses and Spyware
Protection available since: 25 Aug 2010 08:00:08 (GMT)
Type: Trojan
Last Updated: 10 Sep 2010 00:46:27 (GMT)
Prevalence: Small Number of Reports

Examples of Troj/Backdr-DK include:

Example 1

File Information

Size: 619K
SHA-1: 589f4b191b9629aac6b3f69117fc96772617688f
MD5: b9273d43ec1b2f473f540c70de1bf37a
CRC-32: 1cfd048b
File type: application/x-ms-dos-executable
First seen: 2010-09-07

Other vendor detection

Avira: DR/Delphi.Gen

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\npwmsdrm.exe
  • C:\npwmsdrm.exe
Dropped Files
  • C:\AutoRun.inf
    Size: 90
    SHA-1: 04cd2975d382ee651e42f6f433432c9a375ee9b6
    MD5: ea996cfbad012b28918a07eff540f1c0
    CRC-32: 23feee19
    File type: application/octet-stream
    First seen: 2010-09-07
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\Serscer
    ErrorControl: 0x00000000
Processes Created
  • c:\windows\system32\cmd.exe

Example 2

File Information

Size: 90
SHA-1: 04cd2975d382ee651e42f6f433432c9a375ee9b6
MD5: ea996cfbad012b28918a07eff540f1c0
CRC-32: 23feee19
File type: application/octet-stream
First seen: 2010-09-07

Other vendor detection

Trend: Mal_Otorun2

Example 3

Other vendor detection

Avira: BDS/Hupigon.bhi
Kaspersky: Backdoor.Win32.Hupigon.ljsr

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\Utility Mang.exe
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\Utility Mangserver \Enum
    NextInstance: 0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\Utility Mangserver
    ImagePath: C:\WINDOWS\Utility Mang.exe
Processes Created
  • c:\windows\system32\cmd.exe
