Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:13/12/2012
Type:Backdoor Server
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:6.780 Bytes
MD5 checksum:e9230502bfb224460F444da66fdd2157
VDF version:

 General Method of propagation:
   • No own spreading routine

   •  Mcafee: W32/Loosky!backdoor
   •  Kaspersky: Email-Worm.Win32.Locksky.k
   •  TrendMicro: WORM_LOCKSKY.F
   •  VirusBuster: iworm I-Worm.Locksky.R
   •  Bitdefender: Win32.Locksky.C@mm

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP

Side effects:
   • Third party control

 Backdoor The following port is opened:

%WINDIR%\sachostb.exe on TCP port 321 in order to provide backdoor capabilities.

Remote control capabilities:
    • Abort connection
    • Change directory
    • Copy file
    • Delete file
    • Directory listing
    • Display a message
    • Download file
    • Execute file
    • Move file

 File details Programming language:
The malware program was written in MS Visual C++.

Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

Description inserted by Daniel Constantin on Monday, December 19, 2005
Description updated by Daniel Constantin on Tuesday, January 3, 2006

Back . . . .