|Typical Symptoms|Information leak, Key Logging, Accessing certain IRC server, Downloading a particular file, Opens the specific port, Creates file|
|Discovered|[Korea] 0000-00-00|
|Scan engine needed|2014-08-19 [Able to detect & repair]|
This is a backdoor malicious code that uses server-side polymorphism. It collects information from infected systems and executes command codes received from a C&C server.
The main malicious actions of this malware are:
- Downloads and runs malicious code.
Because this malicious code uses server-side polymorphism, the MD5 hash of each distributed file changes continuously, so hash-based matching alone is not a reliable indicator for this family. (The functionality of the code itself is unchanged and remains that of a backdoor malware.)
1. It creates the following file.
C:\WINDOWS\(Random names)\svchsot.exe => Self-replication (copy of itself)
2. It creates the following registry values.
3. It registers the following scheduled task.
4. It accesses the following network addresses.
[How to repair]