Home Malware Programs Backdoors Backdoor.Mirafox

Backdoor.Mirafox

Posted: September 21, 2012

Threat Metric

Ranking: 1,398
Threat Level: 2/10
Infected PCs: 34,586
First Seen: September 21, 2012
Last Seen: October 17, 2023
OS(es) Affected: Windows

Backdoor.Mirafox is a backdoor Trojan that opens a back door on the affected computer. Once executed, Backdoor.Mirafox may copy itself by creating and dropping potentially malicious files. Backdoor.Mirafox also creates the certain registry entry so that it can start automatically every time you start Windows. Backdoor.Mirafox collects the certain information about the compromised PC including OS version, computer name and CPU information, which is then transfered to a command-and-control (C&C) server.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%CurrentFolder%\MSN.exe File name: %CurrentFolder%\MSN.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%CurrentFolder%\csrss.exe File name: %CurrentFolder%\csrss.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%CurrentFolder%\Reader_SL.exe File name: %CurrentFolder%\Reader_SL.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%UserProfile%\Start Menu\Programs\Startup\Update.bat File name: %UserProfile%\Start Menu\Programs\Startup\Update.bat
File type: Batch file
Mime Type: unknown/bat
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"Load" = "%CurrentFolder%\[THREAT FILE NAME].exe"

Additional Information

The following URL's were detected:
coxziptwo.com
Loading...