Backdoor Bifrose – kernel31.dll – 01e6fa11b32855db2b89e972ea9e86e4


Backdoor Bifrose
Also known as: Trojan Generic, Trojan Siggen
SHA256: 56d8f700d12208c9a7b1010563e20ccf03963b654e23666d4451111f59ad8259
SHA1: 0a183a2baa1d39e72db601c0dfe1508a8548f5cf
MD5: 01e6fa11b32855db2b89e972ea9e86e4
File size: 904192 bytes

Created files:

C:\windows\system32\kernel31.dll – Backdoor Bifrose
C:\windows\system32\ujxrle.dll – Backdoor Bifrose
%Temp%\IXP000.TMP\mspaint.exe – Backdoor Bifrose
%Temp%\IXP000.TMP\mstsc.exe – Backdoor Bifrose
%Temp%\IXP000.TMP\netsetup.exe – Backdoor Bifrose
%Temp%\IXP000.TMP\sndrec32.exe – Backdoor Bifrose
%Temp%\IXP000.TMP\sndvol32.exe – Backdoor Bifrose
%Temp%\IXP000.TMP\yong1.exe – Backdoor Bifrose
%Temp%\IXP000.TMP\yongd.exe – Backdoor Bifrose

Backdoor Bifrose created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0: rundll32.exe %WinDir%\System32\advpack.dll,DelNodeRunDLL32 "%Temp%\IXP000.TMP\"
HKLM\System\CurrentControlSet\Services\ujxrle\Type: 10010000 (REG_DWORD, little-endian: 0x00000110)
HKLM\System\CurrentControlSet\Services\ujxrle\Start: 02000000 (REG_DWORD, little-endian: 0x00000002, automatic start)
HKLM\System\CurrentControlSet\Services\ujxrle\ErrorControl: 01000000 (REG_DWORD, little-endian: 0x00000001)
HKLM\System\CurrentControlSet\Services\ujxrle\DisplayName: ujxrle
HKLM\System\CurrentControlSet\Services\ujxrle\ImagePath: %WinDir%\System32\svchost.exe -k ujxrle
HKLM\System\CurrentControlSet\Services\ujxrle\Parameters\ServiceDll: 2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C0075006A00780072006C0065002E0064006C006C000000 (UTF-16LE, decodes to: %SystemRoot%\System32\ujxrle.dll)
