Troj/Exemas-B is a backdoor Trojan for the Windows platform.
When first run Troj/Exemas-B copies itself to <System>\ali.exe.
The following registry entry is created to run ali.exe on startup:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\(B6A807N6-42DF-4W02-93E5-B156B3FA8AL1)
StubPath
<System>\ali.exe
Troj/Exemas-B includes functionality to: silently download, install and run new software, uninstall itself; change security settings and disable other applications.
Troj/Exemas-B will also attempt to bypass the Windows XP firewall by adding itself to open ports list located at the following registry entry:
SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
Troj/Exemas-B includes functionality to: silently download, install and run new software, uninstall itself; change security settings and disable other applications.
Troj/Exemas-B also attempts to inject itself to a currently registered web browser in the computer.