Threat Name | Win32/DDoS.VB.NAA |
Threat Variant Name | Win32/DDoS.VB.NAA |
Category | trojan |
Size | 36864 B |
Aliases | DoS.CUX.trojan (AVG), TR/Spy.36864.1222 (Avira) |
Short description
The trojan serves as a backdoor. It can be controlled remotely.
Installation
The trojan does not create any copies of itself.
The trojan may set the following Registry entries:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  - "Windows Kernel" = "%malwarefilepath%"
This causes the trojan to be executed on every system start.
Information stealing
The trojan collects the following information:
- CPU information
The trojan attempts to send gathered information to a remote machine.
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a URL address. The HTTP protocol is used.
The trojan opens TCP port 1337.
The trojan opens a random UDP port.
It can execute the following operations:
- perform DoS/DDoS attacks
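
Triage check (added example, not part of the original description): the script below looks for the two host indicators named above, the "Windows Kernel" value under the HKLM Run key and a listener on TCP port 1337, in saved `reg query` and `netstat -ano` output, and lists the UDP ports held by the same process. The sample text, file path and PIDs are constructed for illustration.

```python
import re

# Indicators taken from the description above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VALUE_NAME = "Windows Kernel"
TCP_PORT = 1337

# Constructed sample data (not from a real host): `reg query` and `netstat -ano` output.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Windows Kernel    REG_SZ    C:\Users\Public\example.exe
"""
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:1337           0.0.0.0:0              LISTENING       4312
  TCP    10.0.0.5:50112         10.0.0.9:1337          ESTABLISHED     2200
  UDP    0.0.0.0:53211          *:*                                    4312
"""

# Value names may contain spaces, so split on the REG_* type token.
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_0-9]+)\s+(.*)$")

def run_key_hits(reg_text):
    """Return the data of every 'Windows Kernel' value found under the HKLM Run key."""
    key, hits = None, []
    for line in reg_text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
        elif (m := VALUE_RE.match(line)) and key and key.lower() == RUN_KEY.lower():
            if m.group(1).lower() == VALUE_NAME.lower():  # registry names ignore case
                hits.append(m.group(3).strip())
    return hits

def port_owners(netstat_text):
    """Map each PID listening on TCP 1337 to the UDP ports that same PID has open."""
    tcp_pids, udp = set(), {}
    for fields in (l.split() for l in netstat_text.splitlines()):
        if len(fields) < 4:
            continue
        port = fields[1].rsplit(":", 1)[-1]
        if fields[0] == "TCP" and fields[3] == "LISTENING" and port == str(TCP_PORT):
            tcp_pids.add(int(fields[-1]))
        elif fields[0] == "UDP" and port.isdigit():
            udp.setdefault(int(fields[-1]), []).append(int(port))
    return {pid: sorted(udp.get(pid, [])) for pid in tcp_pids}

if __name__ == "__main__":
    print("Run key hits:", run_key_hits(SAMPLE_REG))
    print("TCP 1337 listeners and their UDP ports:", port_owners(SAMPLE_NETSTAT))
```

A listener on port 1337 alone is a weak signal because legitimate software can use that port; a match on both indicators pointing at the same executable is what warrants a closer look.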