Threat Database Backdoors Backdoor.Flyoutburn

Backdoor.Flyoutburn

By Domesticus in Backdoors

Backdoor.Flyoutburn is a backdoor Trojan that executes harmful activities on the corrupted PC. Once run, Backdoor.Flyoutburn creates a few folders and the malevolent files on the affected computer system. Backdoor.Flyoutburn creates the registry entry and registry subkeys. Backdoor.Flyoutburn may connect to port 9696 on the particular web addreass. Backdoor.Flyoutburn may also connect to port 61786 on the particular web addresses. Backdoor.Flyoutburn may strive to use local RAS services to open a VPN connection.

File System Details

Backdoor.Flyoutburn may create the following file(s):
# File Name Detections
1. %AllUsersProfile%\Application Data\Microsoft\Windows\Burn\[COMPUTER NAME].dll
2. %AllUsersProfile%\Application Data\Microsoft\Windows\LiveUpdata_Mem\[RANDOM CHARACTERS].dll
3. %AllUsersProfile%\Application Data\Microsoft\Windows\LiveUpdata_Mem\[RANDOM CHARACTERS]_One.dll
4. %Temp%\DW20.dll

Registry Details

Backdoor.Flyoutburn may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\XC
Windows\CurrentVersion\Policies\Explorer\Run "[COMPUTER NAME]" = "[%AllUsersProfile%\Application Data\Microsoft\Windows\Burn\[COMPUTER NAME].dll]"
HKEY_CURRENT_USER\Software\Microsoft\
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\A1

URLs

Backdoor.Flyoutburn may call the following URLs:

dtl.dnsd.me
dtl.eatuo.com
dtl6.mooo.com
internet.3-a.net

Trending

Most Viewed

Loading...