
BKDR_TENGO.A

By GoldSparrow in Backdoors

BKDR_TENGO.A is a backdoor Trojan from the Winnti family that is built with the help of a genuine analysis program. Cybercriminals distribute Winnti malware to gain control of the target computer, and BKDR_TENGO.A reaches the attacked machine disguised as an authentic system DLL named 'winmm.dll', like most Winnti samples. The disguise is produced with Aheadlib, a legitimate analysis tool that several businesses use to construct C code from DLL files. Aheadlib accepts any DLL and generates C source that hooks every function exported by the original library, so the generated DLL can stand in for the real one while still handing each call through to it. That is very helpful when analysing malware, but it can also be abused to create files that pass themselves off as genuine system libraries, which is how the attackers get BKDR_TENGO.A loaded past the PC's security checks. Once running, the main behavior of the file is to steal Microsoft Office, .PDF and .TIFF files from USB drives plugged into the machine.
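Added example (not from this page, the Winnti operators or the Aheadlib project): a small Python check a defender could run over a suspect winmm.dll. It parses the PE export table by hand and flags a DLL whose every named export is a forwarder to a single module named after the DLL itself, which is what an Aheadlib-style stand-in looks like when the generated C source forwards exports with the linker rather than carrying its own code. The two sample PEs are constructed inline (header plus export table only, no code); the 'winmmOrg' naming of the renamed original, the export names used, and the verdict labels are assumptions made for the example.

```python
import struct

# Minimal PE export-table walker plus a heuristic for Aheadlib-style proxy DLLs.
# Added example, not the page's or any project's code; sample PEs are built below.

_EXPORT_DIR = "<IIHHIIIIIII"   # IMAGE_EXPORT_DIRECTORY, 40 bytes
_SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def _cstr(data, off):
    """Read a NUL-terminated ASCII string at file offset `off`."""
    return data[off:data.index(b"\0", off)].decode("ascii")


def _rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_exports(data):
    """Return (dll_name, [(export_name, ordinal, target)]).

    `target` is the forwarder string "Module.Function" when the export's RVA
    points inside the export directory (that is how the loader recognises a
    forwarder), otherwise the plain code RVA as an int.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    dd_off = opt_off + (96 if magic == 0x10B else 112)       # PE32 vs PE32+
    exp_rva, exp_size = struct.unpack_from("<II", data, dd_off)  # data directory 0
    if exp_rva == 0:
        return "", []
    sections = []
    for i in range(nsec):
        hdr = struct.unpack_from(_SECTION_HDR, data, opt_off + opt_size + 40 * i)
        _, vsize, va, raw_size, raw_ptr = hdr[:5]
        sections.append((va, vsize, raw_ptr, raw_size))
    exp = struct.unpack_from(_EXPORT_DIR, data, _rva_to_offset(sections, exp_rva))
    name_rva, base, nfunc, nnames, aof, aon, aoo = exp[4:]
    dll_name = _cstr(data, _rva_to_offset(sections, name_rva))
    funcs = struct.unpack_from(f"<{nfunc}I", data, _rva_to_offset(sections, aof))
    names = struct.unpack_from(f"<{nnames}I", data, _rva_to_offset(sections, aon))
    ords = struct.unpack_from(f"<{nnames}H", data, _rva_to_offset(sections, aoo))
    exports = []
    for nrva, idx in zip(names, ords):
        rva = funcs[idx]
        forwarded = exp_rva <= rva < exp_rva + exp_size
        target = _cstr(data, _rva_to_offset(sections, rva)) if forwarded else rva
        exports.append((_cstr(data, _rva_to_offset(sections, nrva)), base + idx, target))
    return dll_name, exports


def classify(data):
    """Heuristic verdict (labels are assumptions): every named export forwarded
    to one module named after the DLL itself (winmm -> winmmOrg) is the shape
    of an Aheadlib-style stand-in library."""
    dll_name, exports = parse_exports(data)
    forwarders = [t for _, _, t in exports if isinstance(t, str)]
    if not forwarders:
        return "no-forwarding"
    if len(forwarders) != len(exports):
        return "partial-forwarding"
    stem = dll_name.lower().rsplit(".", 1)[0]
    modules = {t.split(".", 1)[0].lower() for t in forwarders}
    if len(modules) == 1:
        target = modules.pop()
        if target != stem and target.startswith(stem):
            return "proxy-dll-suspect"
    return "forwarding"


def build_sample_dll(own_name, func_names, forward_to=None):
    """Constructed sample: a header-only PE32 DLL with an export table and no
    code. With `forward_to` set, every export is a forwarder to that module,
    mimicking linker-generated /EXPORT:name=Module.name stubs."""
    n, va = len(func_names), 0x1000
    tables = 40 + 4 * n + 4 * n + 2 * n      # directory + 3 tables, strings follow
    strings = bytearray()

    def add(s):
        rva = va + tables + len(strings)
        strings.extend(s.encode("ascii") + b"\0")
        return rva

    name_rva = add(own_name)
    name_rvas = [add(f) for f in func_names]
    if forward_to:
        func_rvas = [add(f"{forward_to}.{f}") for f in func_names]
    else:
        func_rvas = [0x2000 + 0x10 * i for i in range(n)]   # pretend code RVAs
    sec = struct.pack(_EXPORT_DIR, 0, 0, 0, 0, name_rva, 1, n, n,
                      va + 40, va + 40 + 4 * n, va + 40 + 8 * n)
    sec += struct.pack(f"<{n}I", *func_rvas) + struct.pack(f"<{n}I", *name_rvas)
    sec += struct.pack(f"<{n}H", *range(n)) + bytes(strings)
    raw_size = (len(sec) + 0x1FF) & ~0x1FF
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96, va, len(sec))           # export data directory
    sechdr = struct.pack(_SECTION_HDR, b".edata\0\0", len(sec), va, raw_size,
                         0x200, 0, 0, 0, 0, 0x40000040)
    hdr = bytes(dos) + coff + bytes(opt) + sechdr
    return hdr.ljust(0x200, b"\0") + sec.ljust(raw_size, b"\0")


# Assumed export names (real winmm exports) and assumed renamed-original name.
WINMM_EXPORTS = ["PlaySoundA", "timeGetTime", "waveOutOpen"]
PROXY_SAMPLE = build_sample_dll("winmm.dll", WINMM_EXPORTS, forward_to="winmmOrg")
CLEAN_SAMPLE = build_sample_dll("winmm.dll", WINMM_EXPORTS)

if __name__ == "__main__":
    for label, blob in (("proxy", PROXY_SAMPLE), ("clean", CLEAN_SAMPLE)):
        name, exps = parse_exports(blob)
        print(label, name, classify(blob))
        for ename, ordinal, target in exps:
            print(f"  @{ordinal} {ename} -> {target if isinstance(target, str) else hex(target)}")
```

To use it on a real file, read the suspect DLL into `bytes` and pass it to `classify`; a genuine system winmm.dll carries its own code for these exports, whereas a stand-in built the way the text describes forwards all of them to the renamed original sitting next to it. Aheadlib can also emit stubs that resolve the original via GetProcAddress instead of linker forwarders, so a "no-forwarding" verdict rules out only this variant.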
