Backdoor IRCBot – ClearPluginsCache.exe – bc5400084e3351858b38c4ffb1f05022

Backdoor IRCBot
Also known as: Trojan Generic, Backdoor Maximus
SHA256: c77bba10247fef01794c3e37d17d5aacc41ad9149b93cb526304b7756dc58274
SHA1: c39f01e2fe3fecc6fa0deaa4e632af3f12ec3514
MD5: bc5400084e3351858b38c4ffb1f05022
File size: 340692 bytes

Created files:

%SysDir%\DC++ Share\ClearPluginsCache.exe – Backdoor IRCBot
%SysDir%\DC++ Share\ExtExport.exe – Backdoor IRCBot
%SysDir%\DC++ Share\Far.exe – Backdoor IRCBot
%SysDir%\DC++ Share\icwconn1.exe – Backdoor IRCBot
%SysDir%\DC++ Share\icwconn2.exe – Backdoor IRCBot
%SysDir%\DC++ Share\icwrmind.exe – Backdoor IRCBot
%SysDir%\DC++ Share\icwtutor.exe – Backdoor IRCBot
%SysDir%\DC++ Share\iedw.exe – Backdoor IRCBot
%SysDir%\DC++ Share\iexplore.exe – Backdoor IRCBot
%SysDir%\DC++ Share\inetwiz.exe – Backdoor IRCBot
%SysDir%\DC++ Share\isignup.exe – Backdoor IRCBot
%SysDir%\DC++ Share\msinfo32.exe – Backdoor IRCBot
%SysDir%\DC++ Share\msmsgs.exe – Backdoor IRCBot
%SysDir%\DC++ Share\plutil.exe – Backdoor IRCBot
%SysDir%\DC++ Share\RestoreSettings.exe – Backdoor IRCBot
%SysDir%\DC++ Share\sapisvr.exe – Backdoor IRCBot
%SysDir%\DC++ Share\SaveSettings.exe – Backdoor IRCBot
%SysDir%\DC++ Share\WebKit2WebProcess.exe – Backdoor IRCBot
%SysDir%\sIRC4.exe – Backdoor IRCBot
%SysDir%\xdccPrograms\APSDaemon.exe – Backdoor IRCBot
%SysDir%\xdccPrograms\defaults.exe – Backdoor IRCBot
%SysDir%\xdccPrograms\distnoted.exe – Backdoor IRCBot
%SysDir%\xdccPrograms\KillOK.exe – Backdoor IRCBot
%SysDir%\xdccPrograms\Network Setup Wizard.exe – Backdoor IRCBot
%SysDir%\xdccPrograms\Opera_1161_int_Setup.exe – Backdoor IRCBot
%SysDir%\xdccPrograms\SafariSetup.exe – Backdoor IRCBot
%SysDir%\xdccPrograms\SoftwareUpdate.exe – Backdoor IRCBot
%SysDir%\xdccPrograms\Wireless Network Setup Wizard.exe – Backdoor IRCBot

Backdoor IRCBot created autostart registry keys:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: Explorer.exe sIRC4.exe
