Troj/Bdoor-BDA

Category: Viruses and Spyware
Type: Trojan
Protection available since: 15 Sep 2011 10:46:27 (GMT)
Last Updated: 15 Sep 2011 10:46:27 (GMT)
Prevalence: Small Number of Reports


Troj/Bdoor-BDA is a backdoor Trojan for the Windows platform and is the information-stealing component of Mal/Duqu-A.

Troj/Bdoor-BDA starts a new instance of lsass.exe and injects malicious code into that process.

The injected code is an encrypted DLL embedded within the injector. Both the injector and the DLL are detected as Troj/Bdoor-BDA.

The injected code contains functionality to enumerate network shares and files.

The injected code also contains a keylogger, which stores captured keystrokes in XOR-encrypted form in a file named ~DQ<number>.tmp in the user's %TEMP% directory.
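The behaviour above gives a responder three things to check on a suspect host: a second lsass.exe process (and its parent), files named ~DQ<number>.tmp in %TEMP%, and the sample hashes listed under Examples on this page. The script below is an added example written for this page, not Sophos code and not part of any Duqu analysis. The function names, the process list format, and the keystroke content are constructed for the demonstration. The page only says the keylog is "XOR-encrypted" and gives no key or scheme; the single-byte repeating-key recovery here is an analyst's first guess, labelled as an assumption in the code, and the expected parent process names for lsass.exe are likewise an assumption not stated on the page.

```python
"""Host triage for the Troj/Bdoor-BDA indicators described on this page.

Added example, not Sophos code.  Everything marked ASSUMPTION is not stated
on the page and is only there to make the demonstration runnable.
"""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Sample hashes copied from the "Examples" section of this page.
KNOWN_SHA1 = {"47c4ed95f0702a12a4221144bf8637fcb9bb6702",
              "63fc02a2caef6d865b4ac04890e21a8e40269ed6"}
KNOWN_MD5 = {"9a9e77d2b7792fbbddcd7ce05a4eb26e",
             "96b4cb464bd30d7d06881da12515e3c4"}

# Keylog file name given on the page: ~DQ<number>.tmp in the user's %TEMP%.
DQ_TEMP_RE = re.compile(r"^~DQ\d+\.tmp$", re.IGNORECASE)

# ASSUMPTION: parents of a legitimate lsass.exe (wininit.exe on Vista and
# later, winlogon.exe on XP).  The page only says a second lsass.exe is started.
LSASS_PARENTS = {"wininit.exe", "winlogon.exe"}


def is_dq_temp_name(name):
    """True for ~DQ<digits>.tmp; Windows file names are case-insensitive."""
    return DQ_TEMP_RE.match(name) is not None


def find_dq_temp_files(directory):
    """Sorted paths of ~DQ<number>.tmp files directly under directory."""
    return sorted(str(p) for p in Path(directory).iterdir()
                  if p.is_file() and is_dq_temp_name(p.name))


def hash_file(path):
    """MD5 and SHA-1 of a file, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def matches_known_sample(path):
    """True if the file hashes to one of the published sample hashes."""
    h = hash_file(path)
    return h["sha1"] in KNOWN_SHA1 or h["md5"] in KNOWN_MD5


def suspicious_lsass(processes):
    """Return lsass.exe entries that are extra copies or oddly parented.

    processes: iterable of (pid, image_name, parent_image_name) tuples.
    """
    lsass = [p for p in processes if p[1].lower() == "lsass.exe"]
    flagged = [p for p in lsass if p[2].lower() not in LSASS_PARENTS]
    if len(lsass) > 1:          # a second lsass.exe is never normal: flag them all
        flagged = lsass
    return sorted(set(flagged))


def xor_single_byte(data, key):
    return bytes(b ^ key for b in data)


def _text_score(buf):
    """Crude plain-text score: spaces and letters up, control/high bytes down."""
    score = 0
    for b in buf:
        if b == 0x20:
            score += 2
        elif 0x41 <= b <= 0x5A or 0x61 <= b <= 0x7A or b in (0x09, 0x0A, 0x0D):
            score += 1
        elif not 0x21 <= b <= 0x7E:
            score -= 5
    return score


def guess_single_byte_xor_key(data):
    """ASSUMPTION: one repeating key byte.  The page only says 'XOR-encrypted'."""
    return max(range(256), key=lambda k: _text_score(xor_single_byte(data, k)))


# Constructed keylog content and key for the demo; not taken from any real sample.
DEMO_KEY = 0x5A
DEMO_PLAINTEXT = (b"[notepad.exe] meeting notes for thursday\r\n"
                  b"[outlook.exe] secret123\r\n")


def build_demo_temp_dir():
    """Scratch directory standing in for %TEMP%, holding one fake keylog file."""
    d = tempfile.mkdtemp(prefix="bdoor_bda_demo_")
    Path(d, "~DQ4371.tmp").write_bytes(xor_single_byte(DEMO_PLAINTEXT, DEMO_KEY))
    Path(d, "report.tmp").write_bytes(b"unrelated temp file")
    return d


def triage(directory=None):
    """Hash every ~DQ file under directory and try to decode it."""
    if directory is None:       # real use: the suspect user's %TEMP%
        directory = os.environ.get("TEMP", tempfile.gettempdir())
    out = []
    for path in find_dq_temp_files(directory):
        data = Path(path).read_bytes()
        key = guess_single_byte_xor_key(data)
        out.append({"path": path, **hash_file(path),
                    "known_sample": matches_known_sample(path),
                    "xor_key": key, "preview": xor_single_byte(data, key)[:40]})
    return out


if __name__ == "__main__":
    for r in triage(build_demo_temp_dir()):
        print(r)
    print(suspicious_lsass([(520, "wininit.exe", "smss.exe"),
                            (600, "lsass.exe", "wininit.exe"),
                            (2816, "lsass.exe", "explorer.exe")]))
```

On a real host, run triage() with no argument against the logged-on user's %TEMP% and feed suspicious_lsass() the output of a process listing that includes parent names. A keylog that does not decode cleanly under any single key byte does not mean the file is clean; it only means the scheme is not the simple one assumed here, and the file should be preserved for analysis either way.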


Examples of Troj/Bdoor-BDA include:

Example 1

File Information

Size: 36K
SHA-1: 47c4ed95f0702a12a4221144bf8637fcb9bb6702
MD5: 9a9e77d2b7792fbbddcd7ce05a4eb26e
CRC-32: eb2737d1
File type: application/x-ms-dos-executable
First seen: 2011-09-15

Example 2

File Information

Size: 72K
SHA-1: 63fc02a2caef6d865b4ac04890e21a8e40269ed6
MD5: 96b4cb464bd30d7d06881da12515e3c4
CRC-32: 7f08152e
File type: application/x-ms-dos-executable
First seen: 2011-09-15

Example 3

File Information

File type: application/x-ms-dos-executable

Other vendor detection

Kaspersky: Trojan.Win32.Inject.bjyg