Threat Database Backdoors Backdoor.Poisonivy.H

Backdoor.Poisonivy.H

By CagedTech in Backdoors

Threat Scorecard

Threat Level: 60 % (Medium)
Infected Computers: 1
First Seen: November 30, 2010
OS(es) Affected: Windows

Aliases

15 security vendors flagged this file as malicious.

Antivirus Vendor Detection
AVG Generic17.HIW
Antiy-AVL Trojan/Win32.Scar.gen
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Dropper.I
ClamAV Trojan.Agent-139779
F-Prot W32/Rebhip.A.gen!Eldorado
NOD32 a variant of Win32/Spatet.A
AVG Generic17.N
Ikarus Trojan.Win32.Llac
a-squared Trojan.Win32.Llac!IK
Antiy-AVL Trojan/Win32.Llac.gen
Sophos Mal/Behav-328
AntiVir TR/Agent.598016
BitDefender Trojan.Agent.AOFE
Kaspersky Trojan.Win32.Llac.bdm
ClamAV Trojan.Agent-128714

File System Details

Backdoor.Poisonivy.H may create the following file(s):
# File Name MD5 Detections
1. iwrpiww00.tmp 7b4ec36a70c41054f6c8215a2cd59484 1

Analysis Report

General information

Family Name: Trojan.PoisonIvy.H
Signature status: No Signature

Known Samples

MD5: e043454a8a8fa2b470b011ab84728407
SHA1: 7bd3315321042ed5bff9d347ef5ba6398a6a690f
SHA256: 44695641647051057BBE91BDFBA74C13D029EBD8E16BFECA8DCBC1A35F944536
File Size: 10.24 KB, 10240 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have resources
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • No Version Info
  • x86

Block Information

Total Blocks: 45
Potentially Malicious Blocks: 43
Whitelisted Blocks: 2
Unknown Blocks: 0

Visual Map

0 x x x x x x x x x x x x x x x x x x x 0 x x x x x x x x x x x x x x x x x x x x x x x x
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Packed With PeNinja
  • PoisonIvy.A
  • PoisonIvy.AA
  • PoisonIvy.AC
  • PoisonIvy.F

Trending

Most Viewed

Loading...