CIA
CIA, also known as Ciadoor, is a malicious remote administration tool with a large set of functions. It consists of a server and a client. The server runs secretly on an infected computer and accepts connections from the client, which is used by attackers. The CIA server starts automatically on every computer startup and hides from the user. It gathers computer and user account information and sends it to the hacker. CIA can manipulate files, launch and terminate any software, log keystrokes, modify critical computer settings, control some hardware devices, steal passwords and license information of several games and applications, and take screenshots of user activity. It contains an integrated FTP server that allows the attacker to download and upload many files, including the user's valuable personal documents. The hacker can configure this malware to include only the functions he needs. The most dangerous variant of CIA is the one with all available functions. However, even the simplest configuration allows the attacker to damage files, installed software and the operating system.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|---|
| 1 | 0895ee42.exe |
| 2 | 3ec8d1fb.exe |
| 3 | 45534355.exe |
| 4 | 462ac4c3.exe |
| 5 | builder.exe |
| 6 | cjpg.dll |
| 7 | client.exe |
| 8 | pic.exe |
| 9 | pspv.dll |
| 10 | server.exe |
| 11 | server_unpacked.exe |
| 12 | server_upx.exe |
Registry Modifications
- The following Registry values were newly created:
HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows\run\runtimeprocess\runtimeprocess
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion