Downloader.Generic, Downloader, Trojan.Win32.Scar.rfw, BackDoor-DKA (hosted in United States, Vpls Inc. D/b/a Krypt Technologies)

Interesting malware

Here is some info I got from the exe:

a.ip-163.com DNS_TYPE_A 174.139.61.74
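As an added example (my own code, not from the original post), here is a small Python matcher that checks DNS query logs and proxy logs against the two indicators above, the C2 hostname and the IP it resolves to. The log lines are constructed samples in a BIND-style query-log and a Squid-style access-log format, not real captures. The matcher normalises trailing dots and case, treats subdomains of the indicator as hits, and does not match the parent domain ip-163.com, since only a.ip-163.com is named in the post.

```python
import ipaddress
import re

# Indicators taken from the post: the C2 hostname and its resolved A record.
IOC_DOMAINS = {"a.ip-163.com"}
IOC_IPS = {ipaddress.ip_address("174.139.61.74")}

# Constructed sample lines (BIND query-log style); not from the post.
SAMPLE_DNS_LOG = """\
12-Mar-2011 10:01:02.123 client 10.0.0.15#51234: query: www.example.com IN A + (10.0.0.1)
12-Mar-2011 10:01:05.456 client 10.0.0.23#49152: query: a.ip-163.com IN A + (10.0.0.1)
12-Mar-2011 10:01:07.789 client 10.0.0.23#49153: query: A.IP-163.COM. IN A + (10.0.0.1)
12-Mar-2011 10:02:11.000 client 10.0.0.42#50000: query: mail.ip-163.com IN MX + (10.0.0.1)
"""

# Constructed sample lines (Squid access-log style); not from the post.
SAMPLE_PROXY_LOG = """\
1299924100.000 10.0.0.23 TCP_MISS/200 512 GET http://174.139.61.74/a.exe - DIRECT/174.139.61.74 application/octet-stream
1299924101.000 10.0.0.15 TCP_MISS/200 1024 GET http://www.example.com/ - DIRECT/93.184.216.34 text/html
"""

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def normalize_name(name):
    """Strip the trailing dot of a fully qualified name and lower-case it."""
    return name.rstrip(".").lower()


def domain_matches(qname, iocs):
    """True if qname equals an indicator or is a subdomain of one.

    The parent domain of an indicator is deliberately NOT a match: the post
    only names a.ip-163.com, so ip-163.com or mail.ip-163.com stay clean.
    """
    name = normalize_name(qname)
    return any(name == ioc or name.endswith("." + ioc) for ioc in iocs)


def scan_dns_log(lines):
    """Return (client_ip, queried_name) for every query that hits an IOC domain."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m is None:
            continue
        if domain_matches(m.group("qname"), IOC_DOMAINS):
            hits.append((m.group("client"), normalize_name(m.group("qname"))))
    return hits


def scan_for_ips(lines):
    """Return (matched_ip, line) for every line that mentions an IOC IP.

    Every dotted-quad token is parsed with ipaddress so that timestamps and
    byte counts are never mistaken for addresses.
    """
    hits = []
    for line in lines:
        for token in IPV4_RE.findall(line):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue
            if ip in IOC_IPS:
                hits.append((str(ip), line))
                break  # one hit per line is enough
    return hits


if __name__ == "__main__":
    for client, qname in scan_dns_log(SAMPLE_DNS_LOG.splitlines()):
        print(f"DNS hit: {client} resolved {qname}")
    for ip, line in scan_for_ips(SAMPLE_PROXY_LOG.splitlines()):
        print(f"IP hit: {ip} in: {line}")
```

Both the DNS and the proxy check are needed: a host that already has the A record cached, or that connects to the IP directly, never shows up in the resolver log.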

What it does:

Writes to foreign memory areas: the executable writes into the address space of another process and tampers with its execution, which is how code injection is carried out.
Performs file modification and destruction: the executable modifies and deletes files that are not temporary files.
Starts/installs a Windows service: the executable starts a Windows service. Services usually run as LocalSystem, a highly privileged account, and are started again after every reboot, which makes them useful for persistence and many other malicious purposes.
Autostart capabilities: the executable registers processes to be run at system start, so its actions are repeated automatically every time the machine boots.
Creates files in the Windows system directory: malware often drops copies of itself in the Windows directory so the files look like part of the system and are less likely to be noticed by users.
Execution did not terminate correctly: the executable crashed in the sandbox, so this list may not cover everything it does on a real machine.
Modifies system files: the executable modifies files in the Windows system directories.
Spawns processes: the executable creates other processes during its execution.
Performs registry activities: the executable creates and/or modifies registry entries.

The exe file, if someone wants to look inside:

Hosting info:
http://whois.domaintools.com/174.139.61.74
