| Visit ThreatExpert web site | | | Close Report |
| What's been found | Severity Level |
| Downloads/requests other files from Internet. |  |
| Contains characteristics of an identified security risk. |  |
 | Possible Security Risk |
| Security Risk | Description |
Backdoor.Eterok!sd6 |
Backdoor.Eterok!sd6 is a malicious application that runs in the background and allows remote access to your system, giving the attacker full control of your system. |
| Backdoor.IRCBot!sd6 |
Backdoor.IRCBot!sd6 is a family of IRC backdoors allowing unauthorized access to an infected PC. It has the capability to spread over a network exploiting various Windows vulnerabilities. |
| Threat Category | Description |
 |
A malicious backdoor trojan that runs in the background and allows remote access to the compromised system |
 | File System Modifications |
| # | Filename(s) | File Size | File Hash | Alias |
| 1 |
c:\Settings\arm64.dll
|
36,352 bytes | MD5: 0xD7EA57CA184DD5FF659939DD011068D9 SHA-1: 0xAA3D15D7684A4C2E5CA327AD87B4F0FE76C61772 |
Backdoor.Eterok.C [Symantec] |
| 2 | c:\Settings\desktop.ini | 23 bytes | MD5: 0x1DCB3C720DD35021C77AA0F4736FCAC8 SHA-1: 0xF6F47FB397EA7903C4239BFFD00699CEBC8C6909 |
(not available) |
| 3 | [file and pathname of the sample #1] | 42,497 bytes | MD5: 0xE427F1C2438259B5B4BB386AEC822E30 SHA-1: 0xF4A4D303D8FC97D3C2BE101823D4DE3F474F025E |
(not available) |
| 4 | %Windir%\Temp\1.tmp | 17,408 bytes | MD5: 0x6CE19F9949EB9D5FC194B136E47750D5 SHA-1: 0x1FB04A4FF26953576FFBE00C178D52639E0EA385 |
Trojan-Mailfinder.Win32.Small.ag [Kaspersky Lab] |
| 5 |
%Windir%\Temp\3.sys
|
1,792 bytes | MD5: 0xF703533D22BBD751237AF15D5F41D076 SHA-1: 0x483CB71589AB547A3C212C611335EE67486686FA |
Backdoor.Trojan [Symantec] Backdoor.Win32.IRCBot.csk [Kaspersky Lab]W32/Sdbot.worm [McAfee]TROJ_AGENT.AXAT [Trend Micro]Troj/Inject-DA [Sophos] |
| 6 | %Windir%\Temp\3.tmp | 0 bytes | MD5: 0xD41D8CD98F00B204E9800998ECF8427E SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
(not available) |
 | Memory Modifications |
| Process Name | Process Filename | Main Module Size |
| [filename of the sample #1] | [file and pathname of the sample #1] | 61,440 bytes |
| Service Name | Display Name | Status | Service Filename |
| AppMgmt | AppMgmt | "Stopped" | %System%\svchost.exe -k netsvcs |
| Service Name | Display Name | New Status | Service Filename |
| ALG | Application Layer Gateway Service | "Stopped" | %System%\alg.exe |
 | Registry Modifications |
 | Other details |
| Server Name | Server Port | Connect as User | Connection Password |
| simdream.net | 80 | (null) | (null) |
| simdream.biz | 80 | (null) | (null) |
| simdream.info | 80 | (null) | (null) |
All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.
The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.
Copyright © 2010 ThreatExpert. All rights reserved.