Win32/Ramnit [Threat Name] go to Threat
Win32/Ramnit.O [Threat Variant Name]
|Detection created||Oct 27, 2011|
|Signature database version||6579|
The virus serves as a backdoor. It can be controlled remotely. The virus is usually a part of other malware. The file is run-time compressed using UPX .
The virus does not create any copies of itself.
The virus is a malicious Win32/Ramnit extension/plugin.
The virus acquires data and commands from a remote computer or the Internet.
It can execute the following operations:
- open a specific URL address
- visit a specific website
- simulate user's input (clicks, taps)
- download files from a remote computer and/or the Internet
- run executable files
- send requested files
- send the list of running processes to a remote computer
- send the list of files on a specific drive to a remote computer
- terminate running processes
- create folders
- delete folders