Win32/Backzat [Threat Name] go to Threat
Win32/Backzat.Z [Threat Variant Name]
Category | worm |
Size | 32256 B |
Aliases | Trojan.Win32.KillFiles.nc (Kaspersky) |
Win32.Backzat.H@mm (BitDefender) | |
Win32.HLLM.LoneWolf.8 (Dr.Web) |
Short description
The worm has a simple payload. The file is run-time compressed using UPX .
Installation
The worm does not create any copies of itself.
Other information
The worm searches for files with the following file extensions:
- *.*
Only following folders are searched:
- C:\
When the worm finds a file matching the search criteria, it overwrites its content.
The worm writes the following entries to the file:
- L0NEw0lf Was Here...