Backdoor:Win32/Zegost.AK is a trojan that allows unauthorized access and control of an affected computer.
When executed, Backdoor:Win32/Zegost.AK copies itself to <system folder>\runr.exe.
Note: <system folder> refers to a variable location that the malware determines by querying the operating system. The default location of the System folder for Windows 2000 and NT is C:\Winnt\System32, and for XP, Vista, and 7 it is C:\Windows\System32.
The malware modifies the following registry entries to ensure that its copy executes at each Windows start:
Adds value: "zxcd"
With data: "c:\windows\system32\runr.exe"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
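A defender can check a host for this persistence entry by scanning the output of `reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"`. The following is an added example, not part of the original description: the function name, the sample output and the choice to match the path tail (so that both default System folders are covered) are assumptions made for illustration.

```python
import re

# Indicators from the description above: Run value "zxcd" -> <system folder>\runr.exe
VALUE_NAME = "zxcd"
# <system folder> varies by OS (C:\Winnt\System32 or C:\Windows\System32),
# so match the path tail instead of one fixed string.
RUNR_PATH = re.compile(r"\\system32\\runr\.exe(?![\w.])", re.IGNORECASE)
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")

def scan_run_key(reg_query_output):
    """Return [(value_name, data, reasons)] for Run values matching the indicators."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, data = m["name"], m["data"].strip()
        reasons = []
        if name.lower() == VALUE_NAME:  # registry value names are case-insensitive
            reasons.append("value name")
        if RUNR_PATH.search(data):
            reasons.append("data path")
        if reasons:
            findings.append((name, data, reasons))
    return findings

# Constructed sample output, not taken from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    zxcd    REG_SZ    c:\windows\system32\runr.exe
    Updater    REG_SZ    "C:\WINNT\System32\runr.exe" /s
    Runner Tool    REG_SZ    C:\Program Files\Runner\runr.exe
"""

if __name__ == "__main__":
    for name, data, reasons in scan_run_key(SAMPLE):
        print(f"{name!r} -> {data} [{', '.join(reasons)}]")
```

A value that matches on only one indicator (a renamed value still pointing at runr.exe in the System folder, or the name "zxcd" with different data) is reported with the single reason so it can be reviewed rather than silently skipped.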
Allows backdoor access and control
Backdoor:Win32/Zegost.AK allows unauthorized access and control of an affected computer. An attacker can perform any number of different actions on an affected computer using Backdoor:Win32/Zegost.AK. This could include, but is not limited to, the following actions:
- Download and execute arbitrary files
- Upload files
- Spread to other computers using various methods of propagation
- Log keystrokes or steal sensitive data
- Modify system settings
- Run or terminate applications
- Delete files
This malware description was produced and published using our automated analysis system's examination of file SHA1 e5f32e79d8c0b51f690edc19e00671195a6617a5.