Security home

 

Home / malwarePDF  

Backdoor:Win32/Zegost.X


First posted on 03 July 2012.
Source: Microsoft

Aliases :

Backdoor:Win32/Zegost.X is also known as BDS/Zegost.X.74 (Avira), Gen:Variant.Graftor.984 (BitDefender), BackDoor.Storm.6 (Dr.Web), Win32/Farfli.LJ trojan (ESET), BackDoor-FADV!01B66B98EAEC (McAfee), BACKDOOR.Trojan (Symantec).

Explanation :



Backdoor:Win32/Zegost.X is the DLL component of the Zegost malware family. It is usually installed in your computer by other variants of Zegost, such as Backdoor:Win32/Zegost.AD.

Backdoor:Win32/Zegost.X may have the following file name:

%Temp%\kbdmgr.dll

In the wild, we have observed Backdoor:Win32/Zegost.X being dropped and injected into the "explorer.exe" process by Backdoor:Win32/Zegost.AD.



Payload

Allows backdoor access and control

Backdoor:Win32/Zegost.X allows an unauthorized user to gain access and control of your computer. It may connect to the following servers:

  • 120.50.35.60
  • 61.178.77.106
  • 61.178.77.169
  • 61.234.4.200
  • luck201202.oicp.net


Once connected, the unauthorized user can perform any number of different actions on your computer using Backdoor:Win32/Zegost.X. These could include, but are not limited to, the following:

  • Downloading and running arbitrary files
  • Uploading files
  • Logging keystrokes and stealing sensitive data
  • Getting information about your computer
  • Capturing what's on your screen
  • Running or stopping programs
  • Deleting files




Analysis by Elda Dimakiling

Last update 03 July 2012

 

TOP

Malware :

Family: