Date discovered: 25/07/2006
Type: Backdoor Server
In the wild: No
Reported Infections: Low
Distribution Potential: Medium
Damage Potential: Medium
Static file: Yes
File size: 15.959 Bytes
MD5 checksum: 58f53917440Efcc59ecef3f925ad2766
VDF version: - Tuesday, July 25, 2006
IVDF version: - Tuesday, July 25, 2006

 General Method of propagation:
   • No own spreading routine

Aliases:
   • TrendMicro: BKDR_AGENT.DFT
   • VirusBuster: Worm.SdBot.CNO
   • Bitdefender: Backdoor.Xbot.L

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Third party control

 IRC: To deliver system information and to provide remote control, it connects to the following IRC server:

Port: 5262
Server password: lol
Channel: #BOTNET
Nickname: [D]|USA|XP|%several random digits%]
Password: lol

 Furthermore, it has the ability to perform actions such as:
    • Connect to IRC server
    • Launch DDoS ICMP flood
    • Download file
    • Execute file
    • Open remote shell
    • Restart system
    • Shut down system
    • Terminate malware
    • Terminate process
    • Upload file

 Injection:
– It injects the following file into a process: kernel32.ime

– It injects a backdoor routine into a process.

    Process name:
   • svchost.exe

Description inserted by Gabriel Mustata on Monday, August 14, 2006
Description updated by Gabriel Mustata on Monday, August 28, 2006
