Backdoor:Win32/Vawtrak.A


By Sumo3000 in Backdoors

Threat Scorecard

Threat Level: 60 % (Medium)
Infected Computers: 10
First Seen: May 22, 2013
Last Seen: October 29, 2020
OS(es) Affected: Windows

Backdoor:Win32/Vawtrak.A is a backdoor Trojan that gives cybercriminals full remote access to and control of the compromised PC. It can also steal information, such as login details, when the user of a victimized computer visits particular banking websites, and it may do so by recording usernames and passwords. Fraudsters use Backdoor:Win32/Vawtrak.A to take over the personal financial information and private details of the attacked PC user in order to carry out fraud. Backdoor:Win32/Vawtrak.A may also make continuous changes to the infected PC's configuration that cannot be restored by finding and uninstalling the malware.


File System Details

Backdoor:Win32/Vawtrak.A may create the following file(s):

Registry Details

Backdoor:Win32/Vawtrak.A may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[DLL file name]" = "regsvr32.exe /s "%ALLUSERSPROFILE%\AppData\[DLL file name].dat""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "TabProcGrowth" = "dword:00000000"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "bqbclrtr" = "regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\bqbclrtr.dat""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "NoProtectedModeBanner" = "dword:00000001"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 "2500" = "dword:00000003"
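
A read-only PowerShell check for the registry pattern listed above, added here as an example (it is not code from this page's author or from any removal tool). It flags HKEY_CURRENT_USER Run values whose data launches regsvr32.exe /s against a .dat file and reports which of the three Internet Explorer values hold the data shown; the function names and the regular expression are assumptions of this example.

```powershell
# Added example: audit the current user's hive for the entries listed above.
# Read-only; run it in the session of the user account being examined.
$RunKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Run value data of the form: regsvr32.exe /s "<path>\<name>.dat"
$RunPattern = '(?i)\bregsvr32(\.exe)?"?\s+/s\s+"?[^"]+\.dat"?\s*$'

# Internet Explorer values and the data the page lists for each one.
# Zones\3 is the Internet zone; value 2500 controls Protected Mode (3 = disabled).
$IeChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main'; Name = 'TabProcGrowth'; Data = 0 },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main'; Name = 'NoProtectedModeBanner'; Data = 1 },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'; Name = '2500'; Data = 3 }
)

function Test-RegsvrDatCommand {
    # True when a Run command silently registers a .dat file through regsvr32.
    param([string]$Command)
    return $Command -match $RunPattern
}

function Get-SuspectRunValue {
    # Enumerate every value under the Run key and emit the ones that match.
    $key = Get-Item -Path $RunKey -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if (Test-RegsvrDatCommand $data) {
            [pscustomobject]@{ Key = $RunKey; Name = $name; Data = $data }
        }
    }
}

function Get-MatchingIeSetting {
    # Emit each Internet Explorer value that exists and equals the listed data.
    foreach ($c in $IeChecks) {
        $prop = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($prop -and $prop.($c.Name) -eq $c.Data) {
            [pscustomobject]@{ Key = $c.Path; Name = $c.Name; Data = $prop.($c.Name) }
        }
    }
}

# Self-check against the command format shown on this page, then the live audit.
$sample = 'regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\bqbclrtr.dat"'
if (-not (Test-RegsvrDatCommand $sample)) { throw 'pattern self-check failed' }
Get-SuspectRunValue
Get-MatchingIeSetting
```

The Internet Explorer values can also be set by legitimate configuration, so treat a match there as supporting evidence next to a Run entry hit, and check that the referenced .dat file exists before removing anything.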

