The trojan adds itself to the start menu to make sure it loads each time Windows starts. It copies itself as <start menu>\Programs\Startup\killmdx.
Connects to a remote server
The trojan tries to connect to a remote server to receive commands.
We have seen it contact hackxiaoben.3322.org.
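A host check for the two indicators named above (the killmdx startup entry and the hackxiaoben.3322.org lookup), added here as an example and not part of the original analysis. It assumes the Windows Vista-or-later profile layout, PowerShell 4 or later, and that the dropped file may carry any extension; the function names are hypothetical.

```powershell
# Added example: look for the file name and host name given on this page.
$IndicatorFile = 'killmdx'               # startup entry name from the page
$IndicatorHost = 'hackxiaoben.3322.org'  # remote server from the page

function Get-StartupFolder {
    # All-users Startup folder plus the Startup folder of every local profile.
    # Assumption: Vista-or-later layout under <SystemDrive>\Users.
    $suffix  = 'AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
    $folders = @([Environment]::GetFolderPath('CommonStartup'))
    $folders += Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName $suffix }
    $folders | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique
}

function Find-StartupIndicator {
    param([string]$Name)
    foreach ($folder in Get-StartupFolder) {
        # -Force includes hidden files; match with or without an extension.
        Get-ChildItem -LiteralPath $folder -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.BaseName -eq $Name -or $_.Name -eq $Name } |
            ForEach-Object {
                [pscustomobject]@{
                    Indicator = 'StartupFile'
                    Detail    = $_.FullName
                    SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    Modified  = $_.LastWriteTime
                }
            }
    }
}

function Find-DnsIndicator {
    param([string]$HostName)
    # Get-DnsClientCache requires the DnsClient module (Windows 8 / Server 2012 and later).
    if (-not (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue)) { return }
    Get-DnsClientCache -ErrorAction SilentlyContinue |
        Where-Object { $_.Entry -eq $HostName -or $_.Entry -like "*.$HostName" } |
        ForEach-Object {
            [pscustomobject]@{
                Indicator = 'DnsCache'; Detail = "$($_.Entry) -> $($_.Data)"
                SHA256 = $null; Modified = $null
            }
        }
}

$hits = @(Find-StartupIndicator -Name $IndicatorFile) + @(Find-DnsIndicator -HostName $IndicatorHost)
if ($hits.Count) { $hits | Format-List } else { 'No indicators from this page found on this host.' }
```

Run it from an elevated prompt so other users' profiles are readable. The DNS cache only reflects recent lookups, so an empty result there does not rule out earlier contact.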
Allows backdoor access and control
This trojan gives an attacker access and control of your computer, including, but not limited to, the following actions:
- Downloading and running files, including malware
- Uploading files
- Spreading to other computers
- Logging keystrokes or stealing sensitive information
- Modifying system settings
- Running or stopping applications
- Deleting files
Analysis by Daniel Radu
The following system changes may indicate the presence of this malware:
- The presence of the following files: