Examples of Troj/Bckdr-QWJ include:
Example 1
Other vendor detection
- Avira
  - TR/Wimpixo.50688A.1
- Kaspersky
  - Trojan.Win32.Agent2.kuz
- Trend
  - TROJ_WIMPIXO.BG
Runtime Analysis
Dropped Files
- C:\WINDOWS\system32\pcmstub.sys
- C:\WINDOWS\system32\6to4v32.dll
Registry Keys Created
- HKLM\SYSTEM\CurrentControlSet\Services\pcmstub\Enum
  - NextInstance
    - 0x00000000
- HKLM\SYSTEM\CurrentControlSet\Services\6to4\Security
  - Security
    - 01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
- HKLM\SYSTEM\CurrentControlSet\Services\6to4\Enum
  - Count
    - 0x00000001
- HKLM\SYSTEM\CurrentControlSet\Services\pcmstub
  - ErrorControl
    - 0x00000000
- HKLM\SYSTEM\CurrentControlSet\Services\6to4
  - ImagePath
    - %SystemRoot%\System32\svchost.exe -k netsvcs
Processes Created
- c:\windows\system32\cmd.exe
Example 2
Other vendor detection
- Kaspersky
  - Trojan.Win32.Obfuscated.aglx