
asaygo's blog


I have uploaded a sample of this Backdoor.
md5sum: a1d74a9027b8e81b6f2296112144517c

Below is a short description:
When it's executed, the malware creates a file named rdihost.dll in the %Windir%\System32 folder and injects it into the explorer.exe process.
It also creates a copy of itself as an archive in the %windir% folder, named "photo".
Then it connects to an IRC channel on www.fre[blocked] and waits for commands from the attacker. The connection string is "lol lol lol :shadowbot2".
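The two dropped files and the IRC connection string above are the indicators a responder can check for. The following is an added example written for this post, not code from asaygo or from the sample: it matches those indicators against a constructed file listing and constructed proxy log lines. It assumes %windir% expands to C:\Windows unless the caller passes the host's real value, and the sample data is made up for the demonstration.

```python
# Added example (not code from the post): match the host and network
# indicators the post gives for this backdoor against constructed data.

# Indicators quoted in the post; %windir% is the post's own placeholder.
INDICATOR_PATHS = (
    r"%windir%\System32\rdihost.dll",   # dropped DLL, injected into explorer.exe
    r"%windir%\photo",                  # archive copy of the backdoor
)
IRC_MARKER = "lol lol lol :shadowbot2"   # connection string sent to the IRC channel


def normalize(path, windir=r"C:\Windows"):
    """Expand the %windir% placeholder and lowercase the path so the
    comparison is case-insensitive, as NTFS lookups are.
    windir defaults to an assumed C:\\Windows; pass the host's real value."""
    return path.lower().replace("%windir%", windir.lower())


def check_files(file_list, windir=r"C:\Windows"):
    """Return the normalized indicator paths that appear in file_list."""
    present = {normalize(p, windir) for p in file_list}
    hits = []
    for indicator in INDICATOR_PATHS:
        candidate = normalize(indicator, windir)
        if candidate in present:
            hits.append(candidate)
    return hits


def check_irc_lines(lines):
    """Return (line number, line) for each log line carrying the IRC marker."""
    return [(n, line) for n, line in enumerate(lines, 1) if IRC_MARKER in line]


def scan(file_list, irc_lines, windir=r"C:\Windows"):
    """Combine both checks into one verdict for a host."""
    files = check_files(file_list, windir)
    irc = check_irc_lines(irc_lines)
    return {
        "files": files,
        "irc_lines": [n for n, _ in irc],
        "match": bool(files or irc),
    }


# Constructed sample data (not taken from a real host).
SAMPLE_FILES = [
    r"C:\Windows\System32\rdihost.dll",
    r"C:\Windows\explorer.exe",
    r"C:\Windows\photo",
    r"C:\Windows\System32\kernel32.dll",
]
SAMPLE_IRC = [
    "NICK shadowbot2",
    "lol lol lol :shadowbot2",
    "PING :irc.example",
]

if __name__ == "__main__":
    print(scan(SAMPLE_FILES, SAMPLE_IRC))
```

Feed check_files a directory listing of %windir% and %windir%\System32, and check_irc_lines the outbound lines from a proxy or IRC capture; either hit alone is enough to flag the host, since the archive copy and the DLL may be cleaned up independently of the network beacon.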
