Threat Database Backdoors Backdoor.Blobhash

Backdoor.Blobhash

By ZulaZuza in Backdoors

Threat Scorecard

Ranking: 16,607
Threat Level: 10 % (Normal)
Infected Computers: 213
First Seen: September 27, 2013
Last Seen: September 18, 2023
OS(es) Affected: Windows

Backdoor.Blobhash is a backdoor Trojan that drops files and opens a back door on the affected computer. Once executed, Backdoor.Blobhash creates the potentially malevolent file. Backdoor.Blobhash then creates the registry subkey. Backdoor.Blobhash opens a back door on the compromised PC, which enables a cybercriminal to accomplish damaging actions. Backdoor.Blobhash may then connect to the particular remote locations. Backdoor.Blobhash then drops an encrypted DLL file and embeds it into the 'explorer.exe' process. The DLL file can receive the specific commands from a distant server, such as update existing DLL and make modifications to configuration of the back door.

SpyHunter Detects & Remove Backdoor.Blobhash

File System Details

Backdoor.Blobhash may create the following file(s):
# File Name Detections
1. %UserProfile%\Application Data\Microsoft\Crypto\RSA\ntcrypt[RANDOM CHARACTERS].tpl

Registry Details

Backdoor.Blobhash may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\5A82739996ED9EBA18F1BBCDCCA62D2C1D670C
software\MyWordTool

Directories

Backdoor.Blobhash may create the following directory or directories:

%appdata%\MyWordTool
%localappdata%\MyWordTool

URLs

Backdoor.Blobhash may call the following URLs:

37.221.162.45
37.221.162.47
46.45.181.50
[http://]bestsolution134.org/SC/logo3[REMOVED]
[http://]bestsolution134.org/SC/logo6[REMOVED]

Trending

Most Viewed

Loading...