Darkmoon.b
Darkmoon.b is a dangerous backdoor with keylogging capabilities. The spyware gives the remote attacker full unauthorized access to a compromised PC. Darkmoon.b allows the attacker to manage files, control the entire computer, download and install additional software, and perform other malicious actions. Its keylogging module tracks user activity and records all keystrokes. The gathered data is saved to a file. The backdoor hides itself by injecting malicious code into running legitimate processes. It also uses an integrated rootkit that hides Darkmoon.b files. The threat can bypass almost any firewall. Darkmoon.b secretly runs as a service on every Windows startup.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|--------------|
| 1 | fucksnow.exe |
| 2 | yndbybmh.d1l |
| 3 | yndbybmh.dll |
| 4 | yndbybmh.sys |
Registry Modifications
- The following Registry values were newly created:
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YNDBYBMH
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Parameters\ServiceDll=%System%\yndbybmh.d1l
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yndbybmh
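
The ServiceDll value listed above is what makes the backdoor load as a service at startup, so it is a natural place to check during triage. The following Python is an added example, not part of the original page or the vendor's tooling: it scans saved `reg query` output for ServiceDll values that match this page's file names. The sample input is constructed, and the extension check is a generalization beyond the names listed here.

```python
import re
from pathlib import PureWindowsPath

# File names listed on this page, compared case-insensitively.
PAGE_FILE_NAMES = {"fucksnow.exe", "yndbybmh.d1l", "yndbybmh.dll", "yndbybmh.sys"}

# Constructed sample, laid out the way
# `reg query HKLM\SYSTEM\CurrentControlSet\Services /s` prints keys and values.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\dhcpcore.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\yndbybmh.d1l
"""

VALUE_RE = re.compile(r"^\s+ServiceDll\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$", re.IGNORECASE)
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)", re.IGNORECASE)


def find_suspicious_service_dlls(reg_query_text):
    """Return (service, path, reasons) for every ServiceDll value worth reviewing."""
    findings, current_key = [], None
    for line in reg_query_text.splitlines():
        if line.upper().startswith("HKEY_LOCAL_MACHINE\\"):
            current_key = line.strip()  # remember which key the next values belong to
            continue
        match = VALUE_RE.match(line)
        if match is None or current_key is None:
            continue
        path = match.group(1).strip('"')
        name = PureWindowsPath(path).name.lower()
        reasons = []
        if name in PAGE_FILE_NAMES:
            reasons.append("file name listed on this page")
        if not name.endswith(".dll"):
            # Generalization (assumption): a ServiceDll normally points at a .dll file.
            reasons.append("ServiceDll extension is not .dll")
        if reasons:
            service = SERVICE_RE.search(current_key)
            findings.append((service.group(1) if service else current_key, path, reasons))
    return findings


if __name__ == "__main__":
    for service, path, reasons in find_suspicious_service_dlls(SAMPLE_REG_QUERY):
        print(f"{service}: {path} ({'; '.join(reasons)})")
```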