Backdoor.MSIL.Schadingrat.A - TELUS Security Labs

Research

Home >> Research>> Backdoor.MSIL.Schadingrat.A

Backdoor.MSIL.Schadingrat.A

TSL ID

TSL20120814-06

Severity

High

Description

Backdoor.MSIL.Schadingrat.A is a Backdoor Bot agent that targets the Windows and other platforms supporting MSIL executables. This malware can accept several commands from a remote server, which include keylogging, taking a snapshot, controlling a webcam, sending out files, opening a command shell, performing DDoS attacks and others. It also creates registry keys in order to get started after system reboot.

Affected Products

Microsoft Windows All Versions

File Hashes

MD5:

0976C629642456A39BEA0C4C701E7AC0

SHA1:

E1D39DAE1B41B19D5DF649BFF620ACE70C3519C0

Identifiers

Kaspersky		TROJAN-DROPPER.WIN32.DAPATO.WUY
Microsoft Malware Protection Center		TROJANSPY:MSIL/LENC.A
Avira		TR/GENOME.MTPD
BitDefender		BACKDOOR.GENERIC.526257
ESET		MSIL/PSW.AGENT.NBQ
Fortinet		MSIL/STEALER.GC!TR

References

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy%3aMSIL%2fLenc.A&ThreatID=-2147319566

Related Threats