Backdoor.Win32.Saadforks.A
TSL ID TSL20170711-18
Severity High
Description

Backdoor.Win32.Saadforko.A is a backdoor that targets the Windows OS. It collects system information and transmits it to a remote controller over a custom TCP-based protocol. In addition to providing remote access, this malware family supports commands to enumerate local files, execute shell commands, download files, upload files, delete files, terminate processes, and upload detailed OS information; it may also take screenshots. No persistence mechanism was observed.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 675DA0F5B92B69A32BA48B3067FDD961
SHA1:
  • BD93F1DCC9EF3979096930D5D1309B9D69F286ED
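The hashes above are the only host-based indicators this advisory provides, so the practical first response is a file-hash sweep. The following script is an added example, not part of the advisory or any vendor tooling: it streams every regular file under a directory tree through MD5 and SHA1 and reports matches against an IOC set, defaulting to the two hashes listed on this page. The `demo()` function builds a constructed directory with a constructed fake sample (the bytes and file name are invented for the demonstration and are not the real binary) so the sweep can be exercised offline.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# IOCs copied from this advisory, normalised to lowercase hex.
ADVISORY_MD5 = {"675da0f5b92b69a32ba48b3067fdd961"}
ADVISORY_SHA1 = {"bd93f1dcc9ef3979096930d5d1309b9d69f286ed"}


def hash_file(path, chunk_size=1 << 20):
    """Return (md5, sha1) lowercase hex digests of a file, reading it in chunks
    so large files do not have to fit in memory."""
    md5 = hashlib.md5()
    sha1 = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def sweep(root, md5_iocs=ADVISORY_MD5, sha1_iocs=ADVISORY_SHA1):
    """Walk `root`, hash every regular file, and return a list of
    (path, algorithm, digest) tuples for files matching an IOC.
    Symlinks and unreadable (e.g. locked) files are skipped."""
    md5_iocs = {h.lower() for h in md5_iocs}
    sha1_iocs = {h.lower() for h in sha1_iocs}
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            try:
                md5, sha1 = hash_file(path)
            except OSError:
                continue  # permission denied, file locked by another process, etc.
            if md5 in md5_iocs:
                hits.append((str(path), "md5", md5))
            if sha1 in sha1_iocs:
                hits.append((str(path), "sha1", sha1))
    return hits


def demo():
    """Constructed example: write a fake sample plus a benign file into a
    temporary tree, then sweep for the fake sample's own hashes.
    The file name and bytes are invented; they are not the advisory's sample."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        sample = root / "sub" / "update_svc.exe"        # constructed name
        sample.write_bytes(b"MZ" + b"\x90" * 4096)      # constructed bytes
        (root / "readme.txt").write_text("benign file")  # should not match
        md5, sha1 = hash_file(sample)
        # Upper-case SHA1 checks that IOC normalisation works.
        hits = sweep(root, md5_iocs={md5}, sha1_iocs={sha1.upper()})
    return hits


if __name__ == "__main__":
    for path, algo, digest in demo():
        print(f"HIT {algo} {digest} {path}")
```

Run it as `python sweep.py` to see the constructed demonstration, or call `sweep("C:\\")` (or a mounted forensic image) with the default IOC sets to search for the advisory's sample. Hash indicators are exact-match only: a recompiled or repacked build of the same family will not hit, so a clean sweep rules out this specific file, not the family. Note also that the advisory observed no persistence mechanism, so a match on a running host says nothing about how the file got there or whether it will survive a reboot.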
Identifiers
Kaspersky
  • HEUR:BACKDOOR.WIN32.THOUYOGIS.GEN
McAfee
  • RDN/GENERIC.DX
Symantec
  • TROJAN.GEN.2
TrendMicro
Arcabit
  • TROJAN.GENERIC.D4FCD1F
Avira
  • TR/AGENT.MMUVW
BitDefender
  • TROJAN.GENERICKD.5229855
Bkav
  • W32.EHEUR.MALWARE00
Cyren
  • W32/TROJAN.FUEW-4972
ESET-NOD32
  • WIN32/AGENT.YVG
K7AntiVirus
  • TROJAN(0050D5031)
NANO-Antivirus
  • TROJAN.WIN32.AGENT.EQQVUC
Rising
  • TROJAN.AGENT!8.B1E
Tencent
  • WIN32.TROJAN.GENERIC.WOGJ
VBA32
  • TROJAN.DOWNLOADER.GEN.H
ViRobot
  • TROJAN.WIN32.Z.AGENT.331776.OC
Yandex
  • TROJAN.AGENT!DRVGJ+FWZHE
Zillya
  • TROJAN.AGENT.WIN32.805016
References
  • http://www.virusradar.com/en/Win32_Agent.YVG/description
Related Threats