Backdoor.Snifula.D

Backdoor.Snifula.D Description

Backdoor.Snifula.D is a backdoor Trojan that opens a back door on the corrupted PC. When activated, Backdoor.Snifula.D may modify the particular registry entry in order to disable a security notification. Backdoor.Snifula.D may modify the particular registry entry in order to decrease Internet Explorer security settings. Backdoor.Snifula.D also creates a few registry entries. Backdoor.Snifula.D may contact the particular command and control (C&C) servers using a POST request on HTTP port 80. Backdoor.Snifula.D may then gain several commands. Backdoor.Snifula.D may then steal cookie information as well as distribute and execute files from a remote location. Backdoor.Snifula.D may also steal certificates from the victim and forward them to the C&C server. Backdoor.Snifula.D may then create an archive with the stolen certificates in the specific location.

Technical Information

Registry Details

Backdoor.Snifula.D creates the following registry entry or registry entries:
RegistryKey
HKEY_CURRENT_USER\Software\AppDataLow\{GUID}\"Version" = "[HEXADECIMAL VALUE]"
HKEY_CURRENT_USER\Software\AppDataLow\{GUID}\"k2" = "[HEXADECIMAL VALUE]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\"2500" = "0"
HKEY_CURRENT_USER\Software\AppDataLow\{GUID}\"s1" = "[HEXADECIMAL VALUE]"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner
HKEY_CURRENT_USER\Software\AppDataLow\{GUID}\"k1" = "[HEXADECIMAL VALUE]"

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.

By Sumo3000 in Backdoors