Backdoor:Win32/Dokstormac.A is a trojan that allows unauthorized access and control of an affected computer.
When executed, Backdoor:Win32/Dokstormac.A copies itself to c:\documents and settings\administrator\application data\arcomdir\arcom.exe.
The malware modifies the following registry entry so that its copy runs each time Windows starts:
Adds value: "arcomstart"
With data: "c:\documents and settings\administrator\application data\arcomdir\arcom.exe"
To subkey: HKCU\Software\Microsoft\windows\currentversion\run
Allows backdoor access and control
Backdoor:Win32/Dokstormac.A allows unauthorized access and control of an affected computer. An attacker can use it to perform a range of actions on the affected computer, including, but not limited to, the following:
- Download and execute arbitrary files
- Upload files
- Spread to other computers using various methods of propagation
- Log keystrokes or steal sensitive data
- Modify system settings
- Run or terminate applications
- Delete files
This malware description was produced and published using our automated analysis system's examination of the file with SHA1 293a1dd3d1133a629c4a5460409adcf65487c85f.