Rbot_47 belongs to a large family of backdoors that try to bypass Windows security features. It is a remote administration tool, that once installed, will allow an attacker full control of the compromised machine to perform a variety of malicious activities such as executing commands and stealing data.
File Related Changes
It drops the following file(s) on the system:
- "c:\a.bat"
- "c:\Windows\System32\system.exe"
Process Related Changes
It creates the following mutex(es):
- "idxs"
- "CB35EF5D-4591-41d9-BBA2-0363342F3783"
It creates the following process(es): - C:\Windows\system32\system.exe
- C:\Windows\system32\cmd.exe [ cmd /c c:\a.bat ]
|
