BackDoor-DKI.gen.ak Description
BackDoor-DKI.gen.ak is a backdoor Trojan that can run in the background of a system and give remote attackers access to the compromised PC. It can spread by exploiting local network shares. Once executed, it joins a predefined IRC server and channel in order to participate in DDoS attacks.
Technical Information
File System Details
BackDoor-DKI.gen.ak creates the following file(s):
| # | File Name | Detection Count |
|---|---|---|
| 1 | %AppData%\Xenocode\Sandbox\1.0.0.0\1430.12.21T22.24\Virtual\STUBEXE\@SYSTEM@\server.exe | N/A |
| 2 | %AppData%\Xenocode\Sandbox\1.0.0.0\1430.12.21T22.24\Virtual\XRegistry.bin | N/A |
| 3 | %System%\cam\klog.dat | N/A |
Registry Details
BackDoor-DKI.gen.ak creates the following registry entries:
Registry key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost]
[HKEY_CURRENT_USER\Software\Bifrost]