
Backdoor.Pirpi.D

Posted: April 15, 2013

Threat Metric

Ranking: 8,278
Threat Level: 1/10
Infected PCs: 2,159
First Seen: April 15, 2013
Last Seen: September 29, 2023
OS(es) Affected: Windows

Backdoor.Pirpi.D is a Trojan that opens a back door on the affected computer system. When executed, Backdoor.Pirpi.D may drop a configuration file, and it registers itself as a service by creating a registry subkey. Backdoor.Pirpi.D may then open a back door on the infected computer and communicate with a command-and-control (C&C) server using HTTP on UDP port 501; it may also be configured to use a UDP port between 1 and 255. The back door gives attackers remote access to perform numerous malicious actions on the compromised PC: Backdoor.Pirpi.D can open a remote shell, get information from the targeted computer (for example, the IP address and the current date), close IP connections, enumerate and stop any running processes, and stop executing itself. The Trojan may also monitor network traffic on the compromised computer. Backdoor.Pirpi.D can also modify the firewall configuration in order to disable alerts and accept the UDP communications used by the threat.

Technical Details

File System Modifications


The following files were created in the system:



File name: %System%\mscon32.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

Registry Modifications

The following Registry entries were newly created:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SystemInfoOptions