SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Rbot.WEC
Rbot.WEC belongs to a large family of backdoors that try to bypass Windows security features. It is a remote administration tool, that once installed, will allow an attacker full control of the compromised machine to perform a variety of malicious activities such as executing commands and stealing data.

File Related Changes
It drops the following file(s) on the system:
  • "c:\Windows\System32\drivers\explore.exe"

Process Related Changes
It creates the following mutex(es):
  • ".."

It creates the following process(es):
  • C:\Windows\system32\drivers\explore.exe

      Registry Related Changes
      It makes the following registry modifications to ensure infection after system reboot:
      • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\explore.exe = C:\Windows\system32\drivers\explore.exe


      Relevant Information