This document contains summaries of various malware threats including Trojans, backdoors, exploits, viruses, and other rogue programs. The summaries describe the key characteristics and behaviors of each threat such as file size, programming language, installation process, and intended malicious activities like stealing passwords, providing remote access, or deleting files.
Copyright:
Attribution Non-Commercial (BY-NC)
family of Trojans written with the aim of stealing user passwords. LdPinch is designed to steal confidential information. The Trojan itself is a Windows PE EXE file approximately 17KB in size, packed using UPX. When installing, the Trojan copies itself to the Windows system...

Backdoor AdmTmpl.dll Backdoor.Win32.Agobot.a
Backdoor.Agobot (also known as PhatBot) is a Trojan program which provides the author/user with remote access to the victim machine. It is managed via IRC. It has a wide range of functionalities: will not work with a debugger running or under Vmware; it can run both as a standard application and...

Spyware aelupsvc.dll Trojan-PSW.Win32.LdPinch.abm
This Trojan program is designed to steal confidential user data. It harvests user names and passwords to a range of services and programs, and incorporates an SMTP server. The Trojan is a Windows PE EXE file, written in C++, and is 58410 bytes in size. Once launched, the Trojan copies itself to...

Adware certcli.dll Virus.DOS.Put.1939
It is not a dangerous nonmemory resident encrypted parasitic virus. It searches for .EXE files and writes itself to the end of the file. The beginning of the virus body contains the word "PUT". Sometimes the virus displays the message:...

Malware cmdkey.exe Virus.DOS.PM.733
It is a harmless memory resident stealth parasitic virus. It hooks INT 21h and writes itself to the end of .COM files that are executed or closed. When an infected file is opened, the virus disinfects it. The virus contains the ID-strings: PM

Backdoor d3d10.dll Backdoor.Win32.AckCmd
This Trojan program can be used for remote administration of the victim machine. It has both a client and a server component. The server component is written in Microsoft Visual C++. It is 28672 bytes in size, and is not packed in any way. The client component is also written in Microsoft Visual...

Malware dmdskres.dll Virus.DOS.ProtoVirus.720.a
These are not dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the end of .COM files that are executed. The viruses contain the text string: ** ProtoVirus v1.0 by Chr'92 ** and check it while installing into the system memory. If that string is altered, the...

Trojan EncDec.dll Trojan.Win32.KillAV.gj
This Trojan is a Windows PE EXE file 61440 bytes in size. Once launched, the Trojan causes the following message to be displayed: It then creates a file called Update.bat in the C: root directory: C:\Update.bat The Trojan terminates any processes it finds with the names listed below:...

Rogue FDResPub.dll Virus.DOS.Eupm.1731
It's a very dangerous memory resident encrypted virus which hooks INT 21h and infects COM and EXE files (except COMMAND.COM) in the standard manner when they are executed. It contains the text: "-- E.U.P.M. 1991 -- COMMAND". On the 1st of every month it erases the disk sectors.

Dialer iccvid.dll Exploit.HTML.Ascii.c
This exploit uses a vulnerability in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HTML page. It is 1058 bytes in size. It is not packed in any way.

Trojan iTVData.dll Trojan.BAT.MkDirs.z
This primitive Trojan is written in BAT and is 317 bytes in size. When launched, the virus deletes all the files from the C:\windows\ directory. Creates directories named "1", "2", "3", "4" etc. up to "18" in the current directory. While deleting files it displays the following text: You are...

Backdoor KBDLT2.DLL Backdoor.Win32.RA-based
This is a typical client-server remote administration utility that allows connection to remote computer(s) in order to manage its (their) system resources in real time (similar to "pcAnywhere" by Symantec). This utility has a "Remote-Anything" name, and it is developed and distributed by the TWD...

Trojan KBDTIPRC.DLL Trojan.BAT.FormatC.z
This Trojan has a malicious payload. It is a BAT file. It is 18 bytes in size.

Rogue mgmtapi.dll Virus.DOS.Digger.1000
This is a harmless memory-resident parasitic encrypted virus. On execution it removes itself from the host file, then executes it, hooks INT 21h and stays memory resident. It infects the COM and EXE files on their execution and inserts itself into their bodies. EXE files are converted to COM format...

Trojan MPSSVC.dll Trojan.Win32.Shutdowner.i
This Trojan program is a Windows PE EXE file approximately 365KB in size. It is not packed in any way. Once launched, the Trojan will attempt to reboot the victim machine. It is usually used in conjunction with other malicious programs.

Spyware msprivs.dll Trojan-PSW.Win32.LdPinch.rn
This Trojan belongs to a family of Trojans written with the aim of stealing user passwords. LdPinch is designed to steal confidential information. The Trojan itself is a Windows PE EXE file approximately 17KB in size, packed using UPX. When installing, the Trojan copies itself to the Windows system...

Backdoor NAPSTAT.EXE Backdoor.Win32.BO.a
This Trojan (also known as Back Orifice Trojan) is a network-administration utility that allows for the controlling of computers on the network. "'Back Orifice' is a remote administration system, which allows a user to control a computer across a tcpip connection using a simple console or gui...

Spyware NlsLexicons0024.dll Trojan-PSW.Win32.Lmir.gen
This family of Trojans steals passwords to the online game Legend of Mir. As a rule, programs belonging to this family are written in high-level programming languages (such as Delphi, Visual C/C++, Visual Basic). File sizes vary, and the programs utilize a range of methods to install themselves to...

Malware ntkrnlpa.exe Virus.DOS.Shifter.983
This virus infects .OBJ files prepared to be compiled to COM files. The virus inserts itself into OBJ files so that, after linking to a COM executable file, the result contains the virus at the beginning of the file. When that file is executed, the virus receives control, hooks INT 21h and...

Backdoor PresentationCFFRasterizerNative_v0300.dll Backdoor.Win32.Jix.a
This Trojan has a built-in remote administration tool. The program itself is a Windows PE EXE file approximately 15KB in size, packed using UPX. The unpacked file is approximately 25KB in size. Once launched, the Trojan copies itself to the Windows system directory under one of the following...

Backdoor rdprefdrvapi.dll Backdoor.Perl.AEI.16
This Trojan program is designed to provide remote management of systems running UNIX-type operating systems. It is a Perl script. It is approximately 12KB in size.

Dialer sdchange.exe Exploit.Linux.Lacksand
This exploit is written in C, and is approximately 16KB in size. It uses a loophole present in NIPrint LPD-LPR Print Server versions 4.10 and lower.

Dialer shell32.dll Exploit.HTML.Ascii.b
This exploit uses a vulnerability in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HTML page. It is 3616 bytes in size. It is not packed in any way.

Trojan synceng.dll Trojan.MSWord.Thief
This Trojan uses a remote template vulnerability of MS Word 97. The URL is sent to some IRC channels that contain an HTML file that automatically loads and opens an MS Word document that contains a reference to another MS Word template containing a Trojan macro. MS Word opens this template without any...

Adware TRAPI.dll Virus.DOS.Zzz.1379
It is a dangerous nonmemory resident parasitic virus. It searches for .COM files in the directories C:\WINDOWS\COMMAND, C:\DN, \CLIENT\WIN95\, then writes itself to the beginning of the file. While infecting, the virus creates the temporary file ZZZ.TMP. On the 20th and 27th of any month the virus deletes...

Dialer vbscript.dll Exploit.HTML.Ascii.j
This exploit uses a vulnerability in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HTML page. It is 1046 bytes in size. It is not packed in any way.

Adware WinFax.dll Virus.DOS.Zzz.1379
It is a dangerous nonmemory resident parasitic virus. It searches for .COM files in the directories C:\WINDOWS\COMMAND, C:\DN, \CLIENT\WIN95\, then writes itself to the beginning of the file. While infecting, the virus creates the temporary file ZZZ.TMP. On the 20th and 27th of any month the virus deletes...

Trojan wmdmps.dll Trojan.Win32.Diamin.jn
This Trojan has a malicious payload. It is a Windows PE EXE file. It is 29392 bytes in size. It is packed using UPX. The unpacked file is approximately 52KB in size. It is written in Delphi. Installation: When launched, the Trojan copies its executable file to the Windows directory as...

Dialer wzcdlg.dll Exploit.HTML.Ascii.e
This exploit uses a vulnerability in Internet Explorer (CVE-2006-3227) to run on the victim machine. It is an HTML page. It is 1315 bytes in size. It is not packed in any way.