
Trojan:Win64/Ampskerk.A!dha


First posted on 28 January 2015.
Source: Microsoft

Aliases:

There are no other names known for Trojan:Win64/Ampskerk.A!dha.

Explanation:

Threat behavior

Installation

This threat tries to bypass Windows Kerberos-based and NTLM (NT LAN Manager) authentication of accounts on an infected domain controller.

It only affects domain controllers with the following 64-bit Windows operating systems:

  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2


We have seen it use the following file names:

  • msuta64.dll
  • ole64.dll


Payload

Accesses domain accounts

This threat targets compromised domain controllers. It gives an attacker a backdoor password (a "skeleton key") that is accepted for any account in the domain wherever single-factor authentication (password only) is used.

Analysis by Chun Feng

Symptoms

The following can indicate that you have this threat on your PC:

  • You have these files:

    • msuta64.dll
    • ole64.dll
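
The following PowerShell script is an added example, not part of the Microsoft entry, that turns the two file names above into a check a domain controller administrator can run. Because a skeleton-key implant changes authentication behaviour inside LSASS, the script looks both for the named files on disk and for a module with one of those names loaded into lsass.exe. The entry gives no drop location, so the directories searched are assumptions; the file names are the only indicators taken from the page.

```powershell
# Added example (not from the Microsoft/malwarePDF entry): check a 64-bit domain
# controller for the two file names the entry lists as symptoms, and for a
# loaded LSASS module carrying one of those names.
# Run from an elevated 64-bit PowerShell session on each domain controller.
# Written for PowerShell 2.0 so it also runs on the Server 2008-era hosts listed.

$indicatorNames = @('msuta64.dll', 'ole64.dll')   # names taken from the entry above

# Assumed search locations (the entry states no path); extend as required.
$searchRoots = @("$env:SystemRoot\System32", $env:TEMP)

$findings = @()

foreach ($root in $searchRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($name in $indicatorNames) {
        Get-ChildItem -Path $root -Recurse -Filter $name -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                $findings += New-Object PSObject -Property @{
                    Type   = 'FileOnDisk'
                    Name   = $_.Name
                    Path   = $_.FullName
                    Detail = "Created (UTC) " + $_.CreationTimeUtc.ToString('u')
                }
            }
    }
}

# A module with one of these names loaded into lsass.exe is the stronger signal:
# the entry says the threat subverts Kerberos and NTLM authentication, which LSASS performs.
try {
    $lsass = Get-Process -Name lsass -ErrorAction Stop
    foreach ($m in $lsass.Modules) {
        if ($indicatorNames -contains $m.ModuleName) {
            $findings += New-Object PSObject -Property @{
                Type   = 'LoadedInLsass'
                Name   = $m.ModuleName
                Path   = $m.FileName
                Detail = "Base 0x" + $m.BaseAddress.ToInt64().ToString('X')
            }
        }
    }
} catch {
    # Module enumeration of LSASS fails from a non-elevated or 32-bit session.
    Write-Warning ("Could not enumerate LSASS modules (elevated 64-bit session needed): " + $_)
}

if ($findings.Count -eq 0) {
    Write-Output ("No indicator matched on " + $env:COMPUTERNAME + ".")
} else {
    $findings | Select-Object Type, Name, Path, Detail | Format-Table -AutoSize
}
```

A hit on either check on a domain controller running one of the listed operating systems warrants treating the host as compromised. A clean result only shows that these two names are absent; it does not prove the domain controller is untouched, since the file names are the only indicators the entry provides.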

Last update 28 January 2015
