BKDR_PLUGX.DMI

By Sumo3000 in Backdoors

Threat Scorecard

Threat Level: 20 % (Normal)
Infected Computers: 1
First Seen: April 26, 2013
Last Seen: December 11, 2021
OS(es) Affected: Windows

BKDR_PLUGX.DMI is a backdoor Trojan that abuses legitimate programs, including ones from Microsoft, Lenovo, and McAfee. BKDR_PLUGX.DMI uses these common programs to load its infected .DLL components on the affected PC. BKDR_PLUGX.DMI can use any executable file as well as the identified programs. BKDR_PLUGX.DMI also takes advantage of a particular vulnerability in how an executable loads .DLLs, specifically how executable files load the first .DLL file found in a particular folder. BKDR_PLUGX.DMI uses numerous common files to load its damaging components on the infected computer system. BKDR_PLUGX.DMI uses 'HHC.EXE', which is a genuine Microsoft file for HTML Help. BKDR_PLUGX.DMI loads 'hha.dll', which then loads 'hha.dll.bak'. Both files are detected as BKDR_PLUGX.DMI. BKDR_PLUGX.DMI pairs a specific .DLL file with an executable file. BKDR_PLUGX.DMI loads the encrypted file that has the same file name with an additional extension.

File System Details

BKDR_PLUGX.DMI may create the following file(s):
# File Name Detections
1. hha.dll
2. HHC.EXE
3. hha.dll.bak
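
A defender can sweep for the file grouping described above. The following is an added example, not part of the original entry or any vendor signature; the function names and the 7.0 bits-per-byte entropy threshold are assumptions. It generalizes beyond hha.dll to any folder that holds an executable, a .DLL, and a high-entropy file named after that .DLL with one additional extension.

```python
import math
import os
import tempfile
from collections import Counter

def shannon_entropy(data):
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    return -sum(n / len(data) * math.log2(n / len(data)) for n in Counter(data).values())

def find_sideload_sets(root, min_entropy=7.0, sample_size=65536):
    """Return (dir, executables, dll, companion, entropy) per suspicious folder."""
    # Heuristic and threshold are assumptions for this example, not a signature.
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        lower = {f.lower(): f for f in files}  # Windows names are case-insensitive
        exes = sorted(lower[f] for f in lower if f.endswith(".exe"))
        if not exes:
            continue
        for dll in sorted(f for f in lower if f.endswith(".dll")):
            for name in sorted(f for f in lower if f.startswith(dll + ".")):
                try:
                    with open(os.path.join(dirpath, lower[name]), "rb") as fh:
                        entropy = shannon_entropy(fh.read(sample_size))
                except OSError:
                    continue  # unreadable file: keep sweeping
                if entropy >= min_entropy:
                    hits.append((os.path.relpath(dirpath, root), exes,
                                 lower[dll], lower[name], round(entropy, 2)))
    return hits

def demo():
    """Build a constructed sample tree (no real malware) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed: the page's layout with a byte ramp as stand-in payload, plus a benign look-alike.
        samples = {
            "suspect": {"HHC.EXE": b"MZ", "hha.dll": b"MZ", "hha.dll.bak": bytes(range(256)) * 16},
            "benign": {"app.exe": b"MZ", "lib.dll": b"MZ", "lib.dll.bak": b"config backup\n" * 200},
        }
        for folder, files in samples.items():
            os.makedirs(os.path.join(root, folder))
            for fname, content in files.items():
                with open(os.path.join(root, folder, fname), "wb") as fh:
                    fh.write(content)
        return find_sideload_sets(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A hit is a lead for triage rather than a verdict: confirm the executable's signature and expected install path before treating the folder as compromised.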

URLs

BKDR_PLUGX.DMI may call the following URLs:

renewappwno1.store
