Backdoor.Baccamun

By GoldSparrow in Backdoors

Threat Scorecard

Popularity Rank:	19,989
Threat Level:	80 % (High)
Infected Computers:	161

First Seen:	July 28, 2014
Last Seen:	March 29, 2026
OS(es) Affected:	Windows

Backdoor.Baccamun is a backdoor Trojan horse infection that is apt to exploit ActiveX controls within Windows Common Controls. Through its actions, Backdoor.Baccamun may make a system vulnerable to attacks where a remote attacker could gain access. It is in a computer user’s best interest to utilize the proper tools for detecting and removing the Backdoor.Baccamun threat before it causes serious system damage. Backdoor.Baccamun may also be used to attack documents mostly on Korean based systems.

Table of Contents

File System Details

Backdoor.Baccamun may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%Windir%\Tasks\taskmgr.exe
Name: %Windir%\Tasks\taskmgr.exe Type: Executable File Group: Malware file

Registry Details

Backdoor.Baccamun may create the following registry entry or registry entries:

HKEY..\..\{Value}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Java Run Environment 1.1.0023\" = "%Windir%\tasks\taskmgr.exe"

URLs

Backdoor.Baccamun may call the following URLs:

www.telecom.ntdll.net

Analysis Report

General information

Family Name:	Trojan.Dinwod.B
Signature status:	Self Signed

Known Samples

MD5: b579a13779c72d1993708f3b9531093b

SHA1: f42d89b04566900d6e30bcd74213b6db5eea49a0

SHA256: 0F5E30229809FA86ED62C90B144D246333A015E259135F21775C90DE18383A52

File Size: 412.03 KB, 412032 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)

IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Digital Signatures

Signer	Root	Status
AOL Inc.	VeriSign Class 3 Code Signing 2009-2 CA	Self Signed

File Traits

HighEntropy
x86

Files Modified

File	Attributes
c:\users\user\appdata\local\temp\nswa4c7.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nswa4c7.tmp\context.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswa4c7.tmp\context.ini	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nswa4c7.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswa4c7.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\sdcdm\context.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\sdcdm\downloadmanager.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sdcdm\libcurl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\sdcdm\zlib1.dll	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e41\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Process Manipulation Evasion	NtUnmapViewOfSection
Process Shell Execute	ShellExecute
Network Winsock2	WSAStartup
Anti Debug	OutputDebugString
Network Winsock	closesocket gethostbyname inet_addr socket

Shell Command Execution


							Open C:\Users\Deizknru\AppData\Local\Temp\SDCDM\DownloadManager.exe

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

Backdoor.Baccamun

Threat Scorecard

EnigmaSoft Threat Scorecard

File System Details

Registry Details

URLs

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Digital Signatures

Digital Signatures

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Mr Beast Discord Scam

Giant Coupons Official Extension

Chainbridgeworks.co.in

Most Viewed

How To Fix 'Printer Driver is Unavailable' Error

Pornktube.porn

Discord Shows Black Screen when Sharing Screen