Home > Threat descriptions >



Category: Malware

Type: Backdoor

Aliases: Backdoor:W32/Binanen.A


A dropper Trojan that contains malicious or potentially unwanted software, which it 'drops' and installs on the affected system.


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Binanen.A creates a dummy iexplore.exe process, and runs its malicious activity by silently dropping the following file:

  • C:\windows\system32\winimet.dll

It also copies itself to:

  • C:\windows\system32\binanen.exe

And, creates the following registry keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{26D37492-FEC2-C272-9882-6D97A521F122}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{761CC820-6EC0-5921-1400-8442C1E2FB90}


Once the malware is executed, the dropped file will try to disguise itself under a true process name and will be injected into a hidden dummy process. Then, it will execute certain command lines such asipconfig, which can be used to retrieve IP address, subnet mask, and default gateway.

Once the DLL file has been injected and running under the hidden Internet Explorer process, the attacker will be able to control the infected machine and retrieve information such as list of processes and hard disk information from the affected machine. The attacker could also obtain data such as username, system date and time, and how long the machine has been up and running.