Backdoor.Rbot

By GoldSparrow in Backdoors

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 490
First Seen: July 24, 2009
Last Seen: March 20, 2025
Affected OS(es): Windows


Backdoor.Rbot is a nasty backdoor Trojan for the Windows platform. Backdoor.Rbot spreads through local shared networks, Plug-and-Play vulnerabilities, and other browser security flaws. Once executed, Backdoor.Rbot allows a remote attacker to gain access to and control over the victim's computer through a command prompt. This puts any personal or financial information stored on the computer in serious danger and represents a serious security risk.

Other Names

15 security vendors flagged this file as malicious.

Antivirus Vendor    Detection
AhnLab-V3 Win-Trojan/Xema.variant
McAfee-GW-Edition Heuristic.LooksLike.Win32.Winwebsec.B
AntiVir TR/Agent.172032.BD
McAfee Generic.dx!kvq
AVG Win32/PolyCrypt
AhnLab-V3 Malware/Win32.Trojan Horse
Sophos Mal/Packer
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Packed.B
AntiVir PCK/YodaProt
Comodo TrojWare.Win32.TrojanDownloader.Agent.accn
ClamAV PUA.Packed.YodaProtector
NOD32 probably a variant of Win32/Agent.BTWMZCQ
McAfee Generic.dx!mag
Symantec Suspicious.Insight
Panda Trj/Lineage.BZE

SpyHunter detects and removes Backdoor.Rbot

System File Details

Backdoor.Rbot may create the following file(s):

Analysis Report

General Information

Family Name: Trojan.Rbot
Signature status: Root Not Trusted

Known Samples

MD5: c0d7542ca87de3c5ab1aa2939ec81a32
SHA1: a81fff1b699ece66baa480a34aa7455ba7b3c05d
SHA256: 8A2B37C69D0563F8CAE330FA0E699F9497DB5D42CAC922CDF9B4E49834FF5DAE
File Size: 178.11 KB, 178112 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer    Root    Status
Firefly Global, LLC    AddTrust External CA Root    Root Not Trusted

File Traits

  • x64

Files Modified

File    Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\devmanview.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\devmanview64.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\driveruninstall_combined.cmd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsge542.tmp\nsexec.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\uninstall.iss Generic Write,Read Attributes
c:\users\user\appdata\local\temp\uninstall_twain.iss Generic Write,Read Attributes

Registry Modifications

Key::Value    Data    API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 蟝囝㙕ǜ RegNtPreCreateKey

Windows API Usage

Category    API
Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo
  • win32u.dll!NtGdiGetTextFaceW
  • win32u.dll!NtGdiGetTextMetricsW
  • win32u.dll!NtGdiGetWidthTable
  • win32u.dll!NtGdiHfontCreate
  • win32u.dll!NtGdiIntersectClipRect
  • win32u.dll!NtGdiQueryFontAssocInfo
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtGdiSetLayout

63 additional items are not displayed above.

Other Suspicious
  • AdjustTokenPrivileges

Shell Command Execution

"C:\Users\Ztfecmdq\AppData\Local\Temp\DriverUninstall_Combined.cmd"
C:\WINDOWS\system32\reg.exe reg Query "HKLM\Hardware\Description\System\CentralProcessor\0"
C:\WINDOWS\system32\find.exe find /i "x86"
C:\Users\Ztfecmdq\AppData\Local\Temp\devmanview64.exe "DevManView64.exe" /disable "Wireless Digital Microscope"
