
Backdoor.Mudsy

By JubileeX in Backdoors

Backdoor.Mudsy is a backdoor Trojan that opens a back door on the infected computer system. It is usually distributed through a specially crafted RTF document that exploits the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158). Once run, Backdoor.Mudsy creates its malicious files on the compromised PC. The document.doc file downloaded by Backdoor.Mudsy is not damaging. Backdoor.Mudsy creates registry entries so that it loads automatically whenever the computer user starts Windows. It connects to port 8081 on a particular IP address. Backdoor.Mudsy may carry out harmful activities such as downloading and uploading files, running commands and deleting registry 'Run' keys.

File System Details

Backdoor.Mudsy may create the following file(s):

1. %Temp%\update.exe
2. %System%\msdap.dll
3. %Temp%\vbScript.bat
4. %Temp%\document.doc

Registry Details

Backdoor.Mudsy may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Display Card Driver" = "rundll32.exe %System%\msdap.dll,Display"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Display Card Driver" = "rundll32.exe %System%\msdap.dll,Display"
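
The file and registry indicators above can be checked on a host with a short PowerShell script. This is an added example, not part of the original entry; it assumes %System% means the Windows system directory and %Temp% means the temp folder of the user running the script, and the variable names are illustrative.

```powershell
# Added example. Assumes %System% is the Windows system directory and
# %Temp% is the current user's temp folder.
$systemDir = [Environment]::GetFolderPath('System')
$tempDir   = $env:TEMP

# Paths from "File System Details"
$filePaths = @(
    (Join-Path $tempDir   'update.exe'),
    (Join-Path $systemDir 'msdap.dll'),
    (Join-Path $tempDir   'vbScript.bat'),
    (Join-Path $tempDir   'document.doc')
)

# Keys and value name from "Registry Details"
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$valueName  = 'Display Card Driver'
$psMetadata = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$findings = @()

foreach ($path in $filePaths) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{
            Type = 'File'; Location = $path
            Detail = "size=$($item.Length) modified=$($item.LastWriteTime.ToString('s'))"
        }
    }
}

foreach ($key in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($psMetadata -contains $p.Name) { continue }
        # Match the listed value name, or any Run value that loads msdap.dll
        if ($p.Name -eq $valueName -or "$($p.Value)" -match '\\msdap\.dll') {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = "$key\$($p.Name)"; Detail = "$($p.Value)"
            }
        }
    }
}

if ($findings.Count -eq 0) { 'No indicators from this entry found.' }
else { $findings | Format-List }
```

File names such as update.exe and document.doc are generic, so a file hit alone calls for triage rather than a verdict; the Run value pointing rundll32.exe at msdap.dll is the more specific indicator. The HKCU check covers only the account the script runs under.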
