Backdoor.Winnti.B


By Domesticus in Backdoors

Backdoor.Winnti.B is a Trojan that opens a back door on the targeted PC. While being executed, Backdoor.Winnti.B drops a few malicious files and creates registry entries. Backdoor.Winnti.B sets a handler routine using SetConsoleCtrlHandler that drops the threat in the file system so that it loads automatically whenever you boot up Windows. Backdoor.Winnti.B connects to a command-and-control server and, thus, permits remote attackers to conduct a variety of harmful actions, such as stealing confidential data. Backdoor.Winnti.B deletes the main component of itself after being loaded into memory.

File System Details

Backdoor.Winnti.B may create the following file(s):
# File Name Detections
1. %System%\[RANDOM CHARACTERS].dll
2. %CurrentFolder%\[RANDOM CHARACTERS].dll

Registry Details

Backdoor.Winnti.B may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs" = "[RANDOM CHARACTERS].dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"RequireSignedAppInit_DLLs" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"LoadAppInit_DLLs" = "1"
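
For triage, the three values listed above can be checked together. The following is an added example, not part of the original entry: it parses text in the layout printed by `reg query` for this key and reports whether all three settings are present. The sample text, the DLL name in it and the function names are constructed for illustration.

```python
import re

# Registry key and value names are the ones listed in this entry.
APPINIT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

# Constructed samples in `reg query "<key>"` layout; the DLL name is a made-up placeholder.
SAMPLE_MODIFIED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs    REG_SZ    qzxkvbtr.dll
    LoadAppInit_DLLs    REG_DWORD    0x1
    RequireSignedAppInit_DLLs    REG_DWORD    0x0
"""
SAMPLE_UNMODIFIED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs    REG_SZ
    LoadAppInit_DLLs    REG_DWORD    0x0
    RequireSignedAppInit_DLLs    REG_DWORD    0x1
"""

# "    <name>    REG_<type>    <data>"; the data part may be empty.
VALUE_LINE = re.compile(r"^\s+(\S.*?)\s{4}(REG_[A-Z_]+)\s*(.*)$")

def parse_reg_query(text):
    """Return {key path (lower case): {value name: data}} from `reg query` text."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None and (m := VALUE_LINE.match(line)):
            current[m.group(1)] = m.group(3).strip()
    return keys

def _dword(data):
    """Parse '0x1' or '1'; None when the value is absent or not a number."""
    try:
        return int(data, 0)
    except (TypeError, ValueError):
        return None

def assess_appinit(text):
    """Report whether the key holds the value combination listed in this entry."""
    values = parse_reg_query(text).get(APPINIT_KEY.lower(), {})
    # AppInit_DLLs is a space- or comma-delimited list of DLL names.
    dlls = [d for d in re.split(r"[ ,]+", values.get("AppInit_DLLs", "")) if d]
    loading = _dword(values.get("LoadAppInit_DLLs")) == 1
    unsigned_ok = _dword(values.get("RequireSignedAppInit_DLLs")) == 0
    return {"dlls": dlls, "loading_enabled": loading, "unsigned_allowed": unsigned_ok,
            "matches_entry": bool(dlls) and loading and unsigned_ok}
```

A match only shows that the key is configured the way this entry describes; legitimate software also uses AppInit_DLLs, so each listed DLL still has to be examined on disk.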


