Dumador.IK
• Type: Backdoor
• Spreading mechanism: Other
• Overall risk: Medium
• Payload: Keylogger
• Destructivity:
• Detected by virus detection files published: 8/11/2005
• Virus characteristics first published: 8/11/2005
• Virus characteristics latest update: 11/28/2005
• Alias: Dumador.DG, Win32.Bambo, W32/Dumador.AG@bd, W32/Dumador.J-bdr, BKDR_DUMADOR.AX, Backdoor.Nibu
SandBox output for winldra.exe:

[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM\winldra.exe.
* Creates file C:\WINDOWS\netdx.dat.
* Creates file C:\WINDOWS\dvpd.dll.
* Creates file C:\WINDOWS\TEMP\fe43e701.htm.

[ Changes to registry ]
* Creates value "load32"="C:\WINDOWS\SYSTEM\winldra.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates key "HKCU\Software\SARS".
* Sets value "Start"="" in key "HKLM\System\CurrentControlSet\Services\SharedAccess".
* Sets value "SocksPort"="ø¶" in key "HKCU\Software\SARS".
* Sets value "AllowWindowReuse"="" in key "HKCU\Software\Microsoft\Internet Explorer\Main".

[ Changes to system settings ]
* Creates WindowsHook monitoring cbt activity.

[ Network services ]
* Looks for an Internet connection.

[ Security issues ]
* Possible backdoor functionality [UNKNOWN] port 9125.

[ Process/window information ]
* Will automatically restart after boot (I'll be back...).
* Creates a COM object with CLSID {0002DF01-0000-0000-C000-000000000046} : Internet Explorer (Ver 1.0).
* Modifies other process memory.
* Creates a remote thread.