BackDoor-DKI.gen.ak

BackDoor-DKI.gen.ak Description

BackDoor-DKI.gen.ak is a malicious backdoor Trojan. It runs in the background of a system and gives remote attackers access to the compromised PC. It can spread by exploiting local network shares. Once executed, it joins a predefined IRC server and channel in order to participate in DDoS attacks.

Technical Information

File System Details

BackDoor-DKI.gen.ak creates the following file(s):
| # | File Name | Detection Count |
|---|-----------|-----------------|
| 1 | %AppData%\Xenocode\Sandbox\1.0.0.0\1430.12.21T22.24\Virtual\STUBEXE\@SYSTEM@\server.exe | N/A |
| 2 | %AppData%\Xenocode\Sandbox\1.0.0.0\1430.12.21T22.24\Virtual\XRegistry.bin | N/A |
| 3 | %System%\cam\klog.dat | N/A |

Registry Details

BackDoor-DKI.gen.ak creates the following registry entries:
Registry Key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost]
[HKEY_CURRENT_USER\Software\Bifrost]