Backdoor Bifrose – kernel31.dll – 0c604675b86e1a3499e54742f6cc204c


Backdoor Bifrose
Also known as: Trojan CI, Trojan Agent
SHA256: a7c7c750f70358a6e1590fc5bfc7cc2b4b098cb0585fc59319bcaffd7bec8957
SHA1: 4b9655b13108bd1ac781a531c5292f2cead5c53e
MD5: 0c604675b86e1a3499e54742f6cc204c
File size: 903680 bytes

Created files (%Temp%\IXP000.TMP\ is the directory an IExpress self-extracting package unpacks into; kernel31.dll, mspaint.exe, mstsc.exe, netsetup.exe, sndrec32.exe and sndvol32.exe borrow the names of legitimate Windows binaries, but at these paths they are the dropped backdoor components, not the system files):

C:\windows\system32\kernel31.dll – Backdoor Bifrose
C:\windows\system32\pxoogo.dll – Backdoor Bifrose
%Temp%\IXP000.TMP\heise1.exe – Backdoor Bifrose
%Temp%\IXP000.TMP\mspaint.exe – Backdoor Bifrose
%Temp%\IXP000.TMP\mstsc.exe – Backdoor Bifrose
%Temp%\IXP000.TMP\netsetup.exe – Backdoor Bifrose
%Temp%\IXP000.TMP\sehei.exe – Backdoor Bifrose
%Temp%\IXP000.TMP\sndrec32.exe – Backdoor Bifrose
%Temp%\IXP000.TMP\sndvol32.exe – Backdoor Bifrose

Autostart registry keys created by Backdoor Bifrose (REG_DWORD values are shown as raw little-endian bytes in hex, and the REG_EXPAND_SZ ServiceDll as raw UTF-16LE bytes in hex; the decoded value follows each entry):

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0: rundll32.exe %WinDir%\System32\advpack.dll,DelNodeRunDLL32 "%Temp%\IXP000.TMP\"
(the standard IExpress self-extractor cleanup entry: at the next logon it deletes the extraction directory, removing the dropped executables from %Temp%)
HKLM\System\CurrentControlSet\Services\pxoogo\Type: 10010000 (0x110 = SERVICE_WIN32_OWN_PROCESS | SERVICE_INTERACTIVE_PROCESS)
HKLM\System\CurrentControlSet\Services\pxoogo\Start: 02000000 (0x2 = SERVICE_AUTO_START, started by the Service Control Manager at boot)
HKLM\System\CurrentControlSet\Services\pxoogo\ErrorControl: 01000000 (0x1 = SERVICE_ERROR_NORMAL)
HKLM\System\CurrentControlSet\Services\pxoogo\DisplayName: pxoogo
HKLM\System\CurrentControlSet\Services\pxoogo\ImagePath: %WinDir%\System32\svchost.exe -k pxoogo
HKLM\System\CurrentControlSet\Services\pxoogo\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C00700078006F006F0067006F002E0064006C006C000000 (decodes to %SystemRoot%\System32\pxoogo.dll)

The service is the persistence mechanism: svchost.exe is started with a private -k group named after the service and loads pxoogo.dll from System32 as its ServiceDll, so the backdoor runs inside a legitimate svchost.exe process at every boot. Two details give it away on inspection: a -k group that hosts only this one service, and a Type value without SERVICE_WIN32_SHARE_PROCESS (0x20), which every genuine svchost-hosted service carries.
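Added example, not part of the original listing: a Python decoder for the raw registry dump above. It converts the little-endian REG_DWORD bytes and the UTF-16LE ServiceDll into readable values, names the Service Control Manager constants (taken from the Windows SDK headers), and applies the svchost sanity checks an analyst would make on such an entry. The input lines are the page's own; the synthetic "ServiceName" key and the check thresholds are this example's assumptions.

```python
"""Decode the raw pxoogo service registry dump and sanity-check it."""
import re
from typing import Dict, List, Union

# The six Services\pxoogo lines from the listing above, verbatim.
PXOOGO_DUMP = r"""
HKLM\System\CurrentControlSet\Services\pxoogo\Type: 10010000
HKLM\System\CurrentControlSet\Services\pxoogo\Start: 02000000
HKLM\System\CurrentControlSet\Services\pxoogo\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\pxoogo\DisplayName: pxoogo
HKLM\System\CurrentControlSet\Services\pxoogo\ImagePath: %WinDir%\System32\svchost.exe -k pxoogo
HKLM\System\CurrentControlSet\Services\pxoogo\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C00700078006F006F0067006F002E0064006C006C000000
"""

# Service Control Manager constants from the Windows SDK (winnt.h).
SERVICE_TYPE_FLAGS = {
    0x001: "SERVICE_KERNEL_DRIVER", 0x002: "SERVICE_FILE_SYSTEM_DRIVER",
    0x010: "SERVICE_WIN32_OWN_PROCESS", 0x020: "SERVICE_WIN32_SHARE_PROCESS",
    0x100: "SERVICE_INTERACTIVE_PROCESS",
}
START_TYPES = {0: "SERVICE_BOOT_START", 1: "SERVICE_SYSTEM_START", 2: "SERVICE_AUTO_START",
               3: "SERVICE_DEMAND_START", 4: "SERVICE_DISABLED"}
ERROR_CONTROL = {0: "SERVICE_ERROR_IGNORE", 1: "SERVICE_ERROR_NORMAL",
                 2: "SERVICE_ERROR_SEVERE", 3: "SERVICE_ERROR_CRITICAL"}

# How this dump encodes each value: REG_DWORD as its 4 raw little-endian bytes
# in hex, the REG_EXPAND_SZ ServiceDll as raw UTF-16LE bytes in hex.
DWORD_VALUES = {"Type", "Start", "ErrorControl"}
UTF16_VALUES = {"ServiceDll"}


def decode_dword(raw_hex: str) -> int:
    """'10010000' -> 0x110: the dump shows the DWORD's bytes in memory order."""
    data = bytes.fromhex(raw_hex)
    if len(data) != 4:
        raise ValueError(f"REG_DWORD needs 4 bytes, got {len(data)}")
    return int.from_bytes(data, "little")


def decode_utf16(raw_hex: str) -> str:
    """Raw UTF-16LE bytes in hex -> str, with the trailing NUL terminator dropped."""
    return bytes.fromhex(raw_hex).decode("utf-16-le").rstrip("\x00")


def service_type_names(value: int) -> List[str]:
    """Expand a Type bitmask into the SERVICE_* flag names that are set."""
    return [name for bit, name in SERVICE_TYPE_FLAGS.items() if value & bit]


def parse_service_dump(dump: str) -> Dict[str, Union[int, str]]:
    """Turn 'HKLM\\...\\Services\\<svc>\\...\\<Value>: <data>' lines into a dict.

    The service key name is stored under the synthetic key 'ServiceName'.
    """
    values: Dict[str, Union[int, str]] = {}
    for line in dump.strip().splitlines():
        key_path, _, data = line.partition(": ")
        name = key_path.rsplit("\\", 1)[-1]
        svc = re.search(r"\\Services\\([^\\]+)", key_path)
        if svc:
            values["ServiceName"] = svc.group(1)
        if name in DWORD_VALUES:
            values[name] = decode_dword(data.strip())
        elif name in UTF16_VALUES:
            values[name] = decode_utf16(data.strip())
        else:
            values[name] = data.strip()
    return values


def svchost_findings(values: Dict[str, Union[int, str]]) -> List[str]:
    """Red flags for a service whose ImagePath is 'svchost.exe -k <group>'."""
    findings: List[str] = []
    image = str(values.get("ImagePath", ""))
    m = re.search(r"svchost\.exe\s+-k\s+(\S+)", image, re.IGNORECASE)
    if not m:
        return findings  # not svchost-hosted; these checks do not apply
    group = m.group(1)
    svc_type = int(values.get("Type", 0))
    # Real svchost groups (netsvcs, LocalService, ...) host many services; a
    # group that exists only for this one service is a private host for its DLL.
    if group.lower() == str(values.get("ServiceName", "")).lower():
        findings.append(f"private svchost group '{group}' named after the service")
    # Everything svchost hosts is SERVICE_WIN32_SHARE_PROCESS (0x20); own-process
    # or interactive bits are inconsistent with an svchost-hosted service.
    if not svc_type & 0x20:
        findings.append(f"Type 0x{svc_type:x} lacks SERVICE_WIN32_SHARE_PROCESS")
    if svc_type & 0x100:
        findings.append("SERVICE_INTERACTIVE_PROCESS set on an svchost-hosted service")
    return findings


if __name__ == "__main__":
    vals = parse_service_dump(PXOOGO_DUMP)
    print("Type        :", " | ".join(service_type_names(int(vals["Type"]))))
    print("Start       :", START_TYPES[int(vals["Start"])])
    print("ErrorControl:", ERROR_CONTROL[int(vals["ErrorControl"])])
    print("ServiceDll  :", vals["ServiceDll"])
    for finding in svchost_findings(vals):
        print("FLAG:", finding)
```

Run stand-alone it prints the decoded Type, Start, ErrorControl and ServiceDll for pxoogo followed by three flags. The same parser works on any dump in this "key\Value: rawhex" shape, so other service entries can be fed through svchost_findings unchanged; a legitimate svchost-hosted service (shared group, Type 0x20) produces no flags.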
