
Backdoor:Win64/Diovule.A


First posted on 29 August 2017.
Source: Microsoft

Aliases :

There are no other names known for Backdoor:Win64/Diovule.A.

Explanation :

Arrival

This malicious DLL module for Internet Information Services (IIS) may be dropped or downloaded by other malware.

We have seen this threat use the filename HttpModule.dll.

Payload

Allows backdoor access and control

This threat gives an attacker the ability to remotely control and execute commands on a compromised server.

It waits for commands from a remote attacker by monitoring HTTP requests sent to the IIS server. It can allow the attacker to perform a number of actions, including:

  • Execute cmd commands
  • Upload a file, download a file
  • Start new process
  • Intercept HTTP traffic
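
One way to check a server for a module of this kind, as an added example that is not part of the original Microsoft write-up: the PowerShell below lists the native modules registered with IIS and flags any that are missing on disk, lack a valid signature, sit outside the inetsrv directory, or use the file name HttpModule.dll. It assumes the DLL is registered under globalModules in applicationHost.config at the default path, which this entry does not state.

```powershell
# Added example: inventory native IIS modules and flag the ones that need review.
# Assumption: the module is registered under <globalModules> in applicationHost.config.
# Run from an elevated 64-bit PowerShell so System32 paths are not redirected.
$configPath  = Join-Path $env:windir 'System32\inetsrv\config\applicationHost.config'
$inetsrv     = Join-Path $env:windir 'System32\inetsrv'
$namedOnPage = 'HttpModule.dll'   # file name given in this entry

[xml]$config = Get-Content -LiteralPath $configPath -Raw
$modules = $config.configuration.'system.webServer'.globalModules.add

$report = foreach ($m in $modules) {
    # Image paths usually contain %windir% or %SystemRoot%; expand before touching disk.
    $path   = [Environment]::ExpandEnvironmentVariables($m.image)
    $exists = Test-Path -LiteralPath $path -PathType Leaf
    $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }

    $reasons = @()
    if (-not $exists) {
        $reasons += 'image missing on disk'
    } elseif ($sig.Status -ne 'Valid') {
        # On older Windows versions catalog-signed system files can report NotSigned.
        $reasons += "signature status: $($sig.Status)"
    }
    if (-not $path.StartsWith($inetsrv + '\', [StringComparison]::OrdinalIgnoreCase)) {
        # Legitimate add-ons also install elsewhere; this is a prompt to review, not a verdict.
        $reasons += 'outside inetsrv'
    }
    if ((Split-Path -Path $path -Leaf) -ieq $namedOnPage) {
        $reasons += 'file name matches this entry'
    }

    [pscustomobject]@{
        Name   = $m.name
        Image  = $path
        Signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256 = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { '' }
        Review = $reasons -join '; '
    }
}

# Show only the modules with at least one review reason.
$report | Where-Object Review | Format-List
```

A file name alone is weak evidence, since it can be changed; the signature status and signer are the more useful fields when triaging the output.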






Analysis by Jonathan San Jose

Last update 29 August 2017

 
