Threat Information for "BackDoor.Dosia"
Description

-- Ease of Removal
1: Runs as a service
2: Uses running processes
3: Consistently named
4: Consistent file contents

-- Privacy Risks/Security Changes
1: Opens backdoors
2: Mimics legitimate file names

-- Damage/Intrusion/Annoyance
1: Modifies non-critical registry entries
2: Significantly slows down the computer
3: Creates new files
4: Autoruns at startup without an option to be disabled

-- Propagation/Saturation
1: Infects with other exploitation method
2: Infects from a link in an email
3: Infects from an email attachment
4: Installed by other infections

Technical Details

- Added Directory/File:
FilePath: %WINDIR%\hkr32.asm
- Added Directory/File:
FilePath: %SYSTEMDIR%\ntswrl32.dll
- Added Directory/File:
FilePath: %SYSTEMDIR%\ldapi32.exe
- Added Directory/File:
FilePath: %SYSTEMDIR%\vssms32.exe
- Added Directory/File:
FilePath: %SYSTEMDIR%\ntcvx32.dll
- Added Registry Key:
Key: HKLM\SYSTEM\CurrentControlSet\Services\oreans32
- Added Registry Key:
Key: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- Added Registry Key:
Key: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
- Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run
Value: vssms32

