Home / malware

PDF

Backdoor:Win32/Plugx.M

First posted on 20 November 2014.
Source: Microsoft

Aliases :

There are no other names known for Backdoor:Win32/Plugx.M.

Explanation :

Threat behavior

Installation

Backdoor:Win32/Plugx.M creates the following files on your PC:

• c:\documents and settings\administrator\local settings\temp\mcutil.dll
• c:\documents and settings\administrator\local settings\temp\moic.exe
• c:\documents and settings\administrator\local settings\temp\moic.exe.dat
• c:\documents and settings\all users\drm\emproxy\ctawmyt
• c:\documents and settings\all users\drm\emproxy\mcutil.dll
• c:\documents and settings\all users\drm\emproxy\moic.exe
• c:\documents and settings\all users\drm\emproxy\moic.exe.dat

Payload

Stops processes
Backdoor:Win32/Plugx.M can stop the following processes:

• moic.exe

Allows backdoor access and control
The malware gives a hacker access and control of your PC. They can then perform a number of different actions, including:

• Downloading and running files
• Uploading files
• Spreading malware to other PCs
• Logging your keystrokes or stealing your sensitive data
• Modifying your system settings
• Running or stopping applications
• Deleting files

This malware description was produced and published using automated analysis of file SHA1 d679d70a91f9fc11132aa875896df6c899d1afc9.Symptoms

System changes

The following could indicate that you have this threat on your PC:

• You have these files:
  
  c:\documents and settings\administrator\local settings\temp\mcutil.dll
  c:\documents and settings\administrator\local settings\temp\moic.exe
  c:\documents and settings\administrator\local settings\temp\moic.exe.dat
  c:\documents and settings\all users\drm\emproxy\ctawmyt
  c:\documents and settings\all users\drm\emproxy\mcutil.dll
  c:\documents and settings\all users\drm\emproxy\moic.exe
  c:\documents and settings\all users\drm\emproxy\moic.exe.dat

Last update 20 November 2014

 

TOP