Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:27/02/2012
Type:Backdoor Server
In the wild:No
Reported Infections:Low to medium
Distribution Potential:Medium to high
Damage Potential:Low
Static file:Yes
File size:30720 Bytes
MD5 checksum:76067bce7e3362281c5b6ed372ba3913
VDF version: - Monday, February 27, 2012
IVDF version: - Monday, February 27, 2012

 General Method of propagation:
   • No own spreading routine

   •  Mcafee: Generic.grp!fl
   •  Kaspersky: HEUR:Backdoor.Win64.Generic
   •  Bitdefender: Trojan.Generic.7141969
     Microsoft: Trojan:Win64/Sirefef.K
   •  Grisoft: Generic26.BOSL
   •  Eset: Win64/Sirefef.U trojan
     GData: Trojan.Generic.7141969
     Norman: Trojan Suspicious_Gen4.OMJ

Platforms / OS:
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7

Side effects:
    Can be used to execute malicious code

 Miscellaneous Event handler:
It creates the following Event handlers:
   • DestroyEnvironmentBlock
   • ZwWaitHighEventPair
   • ZwSetLowEventPair
   • ZwCreateEventPair
   • SetThreadDesktop
   • GetThreadDesktop
   • ZwDelayExecution
   • WWW_OpenURL

Furthermore it contains the following strings:
   • GET /p/**********.php?w=%u&i=%S&n=%u
   • HTTP/1.0
   • resident.dll

설명 삽입자 Wensin Lee   2012년 2월 29일 수요일
설명 업데이트 Wensin Lee   2012년 2월 29일 수요일

뒤로 . . . .
https:// 이 창은 보안을 위해 암호화되었습니다.