RemoteAdmin

Category: Adware and PUAs
Protection available since: 12 Apr 2006 00:00:00 (GMT)
Type: Remote Administration Tool
Last Updated: 05 Nov 2016 21:08:31 (GMT)

Examples of RemoteAdmin include:

Example 1

File Information

Size: 1.1M
SHA-1: 002b410fae638b29d9805c9fdd21c13a306b0cae
MD5: 5749c7a7e5e033af8ad95e0713c3b573
CRC-32: dcd9ce98
File type: Windows executable
First seen: 2016-01-12

Example 2

File Information

Size: 2.8M
SHA-1: 0064fc85f2f7ae0c192104d5380c725cfc1ea242
MD5: f69beb2fc9d5d35caeabbcac02ecc73e
CRC-32: 22e29e8d
File type: Windows executable
First seen: 2016-01-05

Runtime Analysis

Dropped Files
  • C:\WINDOWS\system\raddrv.dll
  • C:\WINDOWS\system\AdmDll.dll
Registry Keys Created
  • HKLM\SOFTWARE\Eset\ESET Security\CurrentVersion\Plugins\01000600\Profiles\@My profile\Excludes\Node_00000001
    Infiltration
  • HKLM\SOFTWARE\Eset\ESET Security\CurrentVersion\Plugins\01000600\Profiles\@My profile\Excludes\Node_00000000
    Path
    c:\Documents and Settings\test user\Local Settings\Temp\
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\WINDOWS\system32\ftp.exe
    C:\WINDOWS\system32\ftp.exe:*:Enabled:????????? ???????? ?????? (FTP)
  • HKLM\SOFTWARE\Eset\ESET Security\CurrentVersion\Plugins\01000600\Profiles\@My profile\Excludes
    StatisticsEnabled
    0x00000000
  • HKLM\SOFTWARE\Eset\Nod\CurrentVersion\Modules\AMON\Settings\Config000\Scanner
    heuristics_enable
    0x00000000
  • HKLM\SOFTWARE\Eset\ESET Security\CurrentVersion\Plugins\01000600\Profiles\@My profile\Excludes\Node_00000002
    Infiltration
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    System
    System.exe
  • HKLM\SYSTEM\RAdmin\v2.0\Server\Parameters
    Port
    □□□□□□
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
    C:\WINDOWS\system\svchost.exe
    C:\WINDOWS\system\svchost.exe:*:Enabled:svchost

Example 3

File Information

Size: 180K
SHA-1: 013f9b312afc7a467ca90155d7cf8c041e835a58
MD5: 4c454f634f6958877cd11d78bc4a1a13
CRC-32: 92ce4a26
File type: Windows executable
First seen: 2007-10-29
