Need help? Ask the community or hire an expert.
Go to Avira Answers
Nume:BDS/Maxplus.B
Descoperit pe data de:02/03/2012
Tip:Backdoor Server
ITW:Nu
Numar infectii raportate:Scazut
Potential de raspandire:Mediu spre ridicat
Potential de distrugere:Scazut
Marime:32256 Bytes
MD5:10466e54d920019d7a1b3bfeb0d7f143
Versiune VDF:7.11.24.126 - vineri, 2 martie 2012
Versiune IVDF:7.11.24.126 - vineri, 2 martie 2012

 General Metoda de raspandire:
   • Nu are rutina proprie de raspandire


Alias:
   •  Mcafee: Generic
   •  Kaspersky: HEUR:Backdoor.Win64.Generic
   •  Sophos: Mal/Generic-L
   •  Bitdefender: Trojan.Generic.7049498
   •  Microsoft: Trojan:Win64/Sirefef.K
   •  Grisoft: Generic26.YFQ
   •  Eset: Win64/Sirefef.O trojan
   •  GData: Trojan.Generic.7049498
   •  DrWeb: BackDoor.Maxplus.612
   •  Norman: Trojan ZAccess.BR


Sistem de operare:
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Efecte secundare:
   • Poate fi utilizat pentru a executa cod malitios

 Backdoor Servere contactate:
Aceasta se face printr-o interogare HTTP GET intr-un script PHP.

 Alte informatii Event handler:
Creeaza urmatoarele Event handlere:
   • ZwSetHighWaitLowEventPair
   • ZwWaitForSingleObject
   • ZwSetInformationFile
   • ZwWaitHighEventPair
   • ZwSetLowEventPair
   • ZwCreateEventPair
   • ZwDelayExecution
   • DhcpNameServer
   • ZwCancelTimer
   • ZwCreateTimer
   • OpenDesktopW
   • PostMessageW
   • ZwCreateFile
   • WWW_OpenURL


Sir de caractere:
In plus, mai contine urmatoarele siruri de caractere:
   • GET /p/**********.php?w=%u&i=%S&n=%u
   • HTTP/1.0
   • Host: %s
   • GET %s
   • resident.dll

Description inserted by Wensin Lee on Monday, March 5, 2012
Description updated by Wensin Lee on Monday, March 5, 2012

Back . . . .