BKDR_ANDROM.CM
Aliases: Worm:Win32/Gamarue.I (Microsoft), Win32/TrojanDownloader.Wauchos.A trojan (Eset), Trojan.Agent.AXJV (Bitdefender)
Platform: Windows 2000, Windows XP, Windows Server 2003

Threat Type: Backdoor
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This backdoor arrives as an attachment to email messages spammed by other malware/grayware or malicious users.
TECHNICAL DETAILS
File Size: 52071 bytes
File Type: EXE
Memory Resident: Yes
Initial Samples Received Date: 15 Nov 2012
Arrival Details
This backdoor arrives as an attachment to email messages spammed by other malware/grayware or malicious users.
Installation
This backdoor drops the following copy of itself into the affected system:
- {All User's Profile}\svchost.exe
The file name mimics the legitimate Windows service host, which only ever resides in %SystemRoot%\System32; an svchost.exe under the All Users profile is therefore a reliable indicator of this infection.
Autostart Technique
This backdoor adds the following registry entry to enable its automatic execution at every system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched = "{All User's Profile}\svchost.exe"
The value name imitates the one used by the legitimate Java Update Scheduler, which points at jusched.exe under the Java installation directory rather than at a file named svchost.exe.
Other System Modifications
This backdoor adds the following registry entry to register itself as an authorized application in the Windows Firewall (Standard Profile), so that its network traffic is not blocked:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
{malware path}\{malware name}.exe = "{malware path}\{malware name}.exe:*:Enabled:{malware name}"
The value data follows the format <path>:<scope>:<Enabled|Disabled>:<display name>; the entries Windows itself writes under this key point at executables below %SystemRoot% or Program Files, so an Enabled entry for a binary outside those directories is worth examining.
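The following script is an added triage example and is not Trend Micro code. It covers both the Autostart Technique and the Windows Firewall entry above: given (key, value name, data) triples such as a parser of `reg query /s` output or a .reg export would produce, it flags Run values that launch an svchost.exe from outside the system directory or that use the SunJavaUpdateSched name, and AuthorizedApplications entries that are Enabled for a binary outside %SystemRoot% or Program Files. The sample registry data, the system root C:\WINDOWS and the All Users path C:\Documents and Settings\All Users are constructed assumptions for an XP-era host; on a live host take the system root from %SystemRoot%.

```python
"""Registry triage for the BKDR_ANDROM.CM indicators (added example, not Trend Micro code)."""
import ntpath
import re
from typing import Iterable, List, Tuple

RegEntry = Tuple[str, str, str]  # (key, value name, data)

RUN_KEY = r"software\microsoft\windows\currentversion\run"
FW_KEY = (r"system\currentcontrolset\services\sharedaccess\parameters"
          r"\firewallpolicy\standardprofile\authorizedapplications\list")

# Assumed system root for this example; read %SystemRoot% on a real host.
SYSTEM_ROOT = "c:\\windows"
TRUSTED_PREFIXES = (SYSTEM_ROOT + "\\", "c:\\program files\\")

# Constructed sample resembling `reg query /s` output from an infected XP host.
SAMPLE_REGISTRY: List[RegEntry] = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "SunJavaUpdateSched",
     r"C:\Documents and Settings\All Users\svchost.exe"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "ctfmon.exe",
     r"C:\WINDOWS\system32\ctfmon.exe"),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
     r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List",
     r"C:\Documents and Settings\All Users\svchost.exe",
     r"C:\Documents and Settings\All Users\svchost.exe:*:Enabled:svchost"),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters"
     r"\FirewallPolicy\StandardProfile\AuthorizedApplications\List",
     r"%windir%\system32\sessmgr.exe",
     r"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"),
]


def normalize(path: str) -> str:
    """Lower-case a path and expand the %windir%/%SystemRoot% variables that
    system-written firewall entries use, so that prefix checks are reliable."""
    p = path.strip().strip('"').lower()
    return re.sub(r"%(windir|systemroot)%", lambda _m: SYSTEM_ROOT, p)


def in_trusted_dir(path: str) -> bool:
    """True if the executable lives below the system root or Program Files."""
    p = normalize(path)
    return any(p.startswith(prefix) for prefix in TRUSTED_PREFIXES)


def scan(entries: Iterable[RegEntry]) -> List[str]:
    """Return one finding string per suspicious Run or firewall entry."""
    findings: List[str] = []
    for key, name, data in entries:
        k = normalize(key)
        if k.endswith(RUN_KEY):
            target = normalize(data)
            # The real svchost.exe is started by the Service Control Manager,
            # never from a Run value, and lives under %SystemRoot%\system32.
            if ntpath.basename(target) == "svchost.exe" and not in_trusted_dir(target):
                findings.append(f"Run value '{name}' starts svchost.exe from a non-system path: {data}")
            # The autostart value name documented for this sample.
            if name.lower() == "sunjavaupdatesched":
                findings.append(f"Run value '{name}' present (BKDR_ANDROM.CM autostart name): {data}")
        elif k.endswith(FW_KEY):
            # Data format: <path>:<scope>:<Enabled|Disabled>:<display name>.
            # rsplit keeps the drive-letter colon inside the path component.
            parts = data.rsplit(":", 3)
            if len(parts) != 4:
                continue
            path, scope, state, display = parts
            if state.lower() == "enabled" and not in_trusted_dir(path):
                findings.append(
                    f"Firewall exception '{display}' enabled (scope {scope}) for "
                    f"non-system binary: {path}")
    return findings


if __name__ == "__main__":
    for line in scan(SAMPLE_REGISTRY):
        print(line)
```

Run against the constructed sample, `scan` reports the SunJavaUpdateSched value twice (once for the name, once for the out-of-place svchost.exe) and the firewall exception once; the legitimate ctfmon.exe and sessmgr.exe entries are not flagged because they resolve below C:\WINDOWS.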