Hi,
Here is a fresh (network activity still active) sample of Backdoor.Win32.IRCBot!IK
Autostart capabilities: This executable registers processes to be executed at system start. This could result in unwanted actions to be performed automatically. medium
some specification on File System Modifications
Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web. medium
Creates files in the Windows system directory: Malware often keeps copies of itself in the Windows directory to stay undetected by users. medium
Joins IRC Network: The executable connects to an IRC network, most probably functioning as a zombie in a botnet. high
Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary. high
Spawns Processes: The executable produces processes during the execution. low
Performs Registry Activities: The executable reads and modifies registry values. It may also create and monitor registry keys. medium
in attachment the sample with password: malware
1 %ProgramFiles%\infocard.exe
%Windir%\infocard.exe
2 %ProgramFiles%\mds.sys
%ProgramFiles%\mdt.sys
%Windir%\mds.sys
%Windir%\mdt.sys
3 %ProgramFiles%\winbrd.jpg
Have a nice Day,
Giuseppe 'Evilcry' Bonfa'