
Darkmoon.b

Posted: March 28, 2006

Darkmoon.b is a backdoor with keylogging capabilities. It gives a remote attacker full unauthorized access to the compromised PC: the operator can manage files, control the machine, download and install additional software and perform other malicious actions. Its keylogging module tracks user activity, records all keystrokes and saves the gathered data to a file. The backdoor hides by injecting its code into running legitimate processes, and an integrated rootkit component hides the Darkmoon.b files on disk. Process injection is also what lets it get past most personal firewalls, since its network traffic appears to come from a trusted process. Darkmoon.b registers itself as a service so that it runs silently at every Windows startup.

File System Modifications

  • The following files were created in the system (names as reported; note that the .d1l extension uses the digit 1, not the letter l):
    1. fucksnow.exe
    2. yndbybmh.d1l
    3. yndbybmh.dll
    4. yndbybmh.sys

Registry Modifications

  • The following Registry keys and values are created or modified:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YNDBYBMH
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yndbybmh
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Parameters
      ServiceDll = %System%\yndbybmh.d1l

The ServiceDll value is the persistence mechanism. dmserver is the legitimate Logical Disk Manager service, which Windows 2000/XP hosts inside svchost.exe; by redirecting its ServiceDll to yndbybmh.d1l, the backdoor gets its code loaded into svchost.exe at every boot without adding a conspicuous new entry to the service list. The Services\yndbybmh key registers the driver component as its own service, and the LEGACY_YNDBYBMH key under Enum\Root is created by the Plug and Play manager the first time a legacy (non-PnP) driver service is started, so its presence shows the driver has actually run on the system at least once.
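The file and registry indicators above can be turned into a quick triage check. The following script is an added example written for this page, not code from the original entry or from any vendor tool: it parses the text of a `reg export` of the Services hive and flags (a) svchost-hosted services whose ServiceDll points at one of the listed file names or at a file whose extension is not .dll (the .d1l lookalike), (b) a Services key for the yndbybmh service, and (c) the matching LEGACY_ enumeration key. The sample export embedded in the block is constructed for the example; the `Browser` entry with a `.dl1` extension is invented to exercise the lookalike check and does not come from the page.

```python
"""Scan a 'reg export' text for the Darkmoon.b persistence pattern: a legitimate
svchost-hosted service whose ServiceDll was redirected, plus the backdoor's own
service key and the LEGACY_ enum key the PnP manager creates once it has run."""

from typing import Dict, List, Tuple

# Indicators taken from the page. Treating the lookalike extension and the
# known file names as alert conditions is this example's own choice.
IOC_FILES = {"fucksnow.exe", "yndbybmh.d1l", "yndbybmh.dll", "yndbybmh.sys"}
IOC_SERVICES = {"yndbybmh"}

SERVICES_PREFIX = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
LEGACY_PREFIX = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\Root\\LEGACY_"
PARAMETERS_SUFFIX = "\\Parameters"


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser for the [key] / "name"="data" lines of a .reg export.
    Only quoted string data is unescaped; dword/hex data is kept verbatim."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, data = line.partition("=")
            if data.startswith('"') and data.endswith('"'):
                # .reg files escape quotes and backslashes inside string data
                data = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            keys[current][name.strip('"')] = data
    return keys


def suspicious_service_dlls(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (service, ServiceDll, reason) for each svchost-hosted service whose
    DLL is a known Darkmoon.b file or does not even carry a .dll extension."""
    findings = []
    for key, values in keys.items():
        upper = key.upper()
        if not (upper.startswith(SERVICES_PREFIX.upper()) and upper.endswith(PARAMETERS_SUFFIX.upper())):
            continue
        dll = values.get("ServiceDll")
        if dll is None:
            continue
        service = key[len(SERVICES_PREFIX):-len(PARAMETERS_SUFFIX)]
        basename = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename in IOC_FILES:
            findings.append((service, dll, "known Darkmoon.b file name"))
        elif not basename.endswith(".dll"):
            findings.append((service, dll, "ServiceDll extension is not .dll (lookalike such as .d1l?)"))
    return findings


def known_bad_services(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Service names under CurrentControlSet\\Services that match the IOC list."""
    found = set()
    for key in keys:
        if key.upper().startswith(SERVICES_PREFIX.upper()):
            name = key[len(SERVICES_PREFIX):].split("\\", 1)[0].lower()
            if name in IOC_SERVICES:
                found.add(name)
    return sorted(found)


def suspicious_legacy_entries(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Enum\\Root\\LEGACY_* keys belonging to known Darkmoon.b services; such a
    key exists only if the legacy driver service has been started at least once."""
    found = []
    for key in keys:
        if key.upper().startswith(LEGACY_PREFIX.upper()):
            name = key[len(LEGACY_PREFIX):].split("\\", 1)[0].lower()
            if name in IOC_SERVICES:
                found.append(name)
    return found


# Constructed sample export (not taken from a real host). The dmserver entry
# mirrors the ServiceDll value reported for Darkmoon.b; Browser is a made-up
# lookalike case; Dhcp is a benign control entry.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters]
"ServiceDll"="%SystemRoot%\\System32\\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Parameters]
"ServiceDll"="C:\\WINDOWS\\system32\\yndbybmh.d1l"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters]
"ServiceDll"="%SystemRoot%\\System32\\browser.dl1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yndbybmh]
"Type"=dword:00000001
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YNDBYBMH]
"NextInstance"=dword:00000001
'''

if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    for svc, dll, why in suspicious_service_dlls(parsed):
        print(f"[!] {svc}: ServiceDll={dll} ({why})")
    for name in known_bad_services(parsed):
        print(f"[!] service key present: {name}")
    for name in suspicious_legacy_entries(parsed):
        print(f"[!] LEGACY_ enum key present: {name} (driver has started at least once)")
```

On a suspect host the input would come from `reg export HKLM\SYSTEM\CurrentControlSet services.reg`; `reg export` writes UTF-16, so open the file with `encoding="utf-16"` before passing its contents to `parse_reg_export`. Because the page says Darkmoon.b uses a rootkit to hide its files, a directory listing on the live system may show nothing, while the ServiceDll value often still exposes the path; if the rootkit also filters registry reads, export the SYSTEM hive from offline media instead.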