Backdoor Maximus – 0d201edcccf7b2c098a109bba09e81d7

Backdoor No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Backdoor Maximus
Also known as: Trojan Delf
SHA256: a2aaa16d61d195b1286f52c8d0cb2da57cb1359b0c0a3072a6b46e4ac5c834d9
SHA1: 794c42dbdb3f4315ad36370eef010fe5607f7065
MD5: 0d201edcccf7b2c098a109bba09e81d7
File size: 1178571 bytes

Created files:

%SysDir%\drivers\etc\systemp\1.dll – Backdoor Maximus
%SysDir%\drivers\etc\systemp\cygcrypt-0.dll – Backdoor Maximus
%SysDir%\drivers\etc\systemp\cygwin1.dll – Backdoor Maximus
%SysDir%\drivers\etc\systemp\kill.exe – Backdoor Maximus
%SysDir%\drivers\etc\systemp\servicesnt.exe – Backdoor Maximus
%SysDir%\drivers\etc\systemp\spool.exe – Backdoor Maximus
%SysDir%\drivers\etc\systemp\svchost.exe – Backdoor Maximus
%SysDir%\drivers\etc\systemp\TAR.EXE – Backdoor Maximus
%SysDir%\drivers\etc\systemp\tlist.exe – Backdoor Maximus
%SysDir%\drivers\etc\systemp\update.bat – Backdoor Maximus

Backdoor Maximus created autostart registry keys:

HKLM\System\CurrentControlSet\Services\EventLog\Application\spoolntA\EventMessageFile: %WinDir%\System32\drivers\etc\Systemp\servicesnt.EXE
HKLM\System\CurrentControlSet\Services\EventLog\Application\spoolntA\TypesSupported: 07000000
HKLM\System\CurrentControlSet\Services\EventLog\Application\svchostntA\EventMessageFile: %WinDir%\System32\drivers\etc\Systemp\servicesnt.EXE
HKLM\System\CurrentControlSet\Services\EventLog\Application\svchostntA\TypesSupported: 07000000
HKLM\System\CurrentControlSet\Services\spoolntA\Type: 10000000
HKLM\System\CurrentControlSet\Services\spoolntA\Start: 02000000
HKLM\System\CurrentControlSet\Services\spoolntA\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\spoolntA\DisplayName: servicesnt Service: spoolntA
HKLM\System\CurrentControlSet\Services\spoolntA\ImagePath: %WinDir%\System32\drivers\etc\Systemp\servicesnt.EXE
HKLM\System\CurrentControlSet\Services\spoolntA\Parameters\FireStarter: %WinDir%\System32\drivers\etc\Systemp\spool.exe %WinDir%\System32\drivers\etc\Systemp\spool.ini
HKLM\System\CurrentControlSet\Services\spoolntA\Parameters\WorkingDir: %WinDir%\System32\drivers\etc\Systemp
HKLM\System\CurrentControlSet\Services\spoolntA\Parameters\ProcessMonitorEnabled: 01000000
HKLM\System\CurrentControlSet\Services\spoolntA\Parameters\ProcessMonitorFrequency: 88130000
HKLM\System\CurrentControlSet\Services\spoolntA\Parameters\ProcessAutoRestart: 01000000
HKLM\System\CurrentControlSet\Services\svchostntA\Type: 10010000
HKLM\System\CurrentControlSet\Services\svchostntA\Start: 02000000
HKLM\System\CurrentControlSet\Services\svchostntA\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\svchostntA\DisplayName: servicesnt Service: svchostntA
HKLM\System\CurrentControlSet\Services\svchostntA\ImagePath: %WinDir%\System32\drivers\etc\Systemp\servicesnt.EXE
HKLM\System\CurrentControlSet\Services\svchostntA\Parameters\FireStarter: %WinDir%\System32\drivers\etc\Systemp\svchost.exe %WinDir%\System32\drivers\etc\Systemp\1.dll
HKLM\System\CurrentControlSet\Services\svchostntA\Parameters\WorkingDir: %WinDir%\System32\drivers\etc\Systemp
HKLM\System\CurrentControlSet\Services\svchostntA\Parameters\ProcessMonitorEnabled: 01000000
HKLM\System\CurrentControlSet\Services\svchostntA\Parameters\ProcessMonitorFrequency: 88130000
HKLM\System\CurrentControlSet\Services\svchostntA\Parameters\ProcessAutoRestart: 01000000

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images