Threat Description

Backdoor:​W32/​Binanen.A

Details

Aliases: Backdoor:W32/Binanen.A
Category: Malware
Type: Backdoor
Platform: W32

Summary


A dropper Trojan that contains malicious or potentially unwanted software, which it 'drops' and installs on the affected system.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.



Technical Details


Binanen.A creates a dummy iexplore.exe process, and runs its malicious activity by silently dropping the following file:

  • C:\windows\system32\winimet.dll

It also copies itself to:

  • C:\windows\system32\binanen.exe

And, creates the following registry keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{26D37492-FEC2-C272-9882-6D97A521F122}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{761CC820-6EC0-5921-1400-8442C1E2FB90}

Payload

Once the malware is executed, the dropped file will try to disguise itself under a true process name and will be injected into a hidden dummy process. Then, it will execute certain command lines such asipconfig, which can be used to retrieve IP address, subnet mask, and default gateway.

Once the DLL file has been injected and running under the hidden Internet Explorer process, the attacker will be able to control the infected machine and retrieve information such as list of processes and hard disk information from the affected machine. The attacker could also obtain data such as username, system date and time, and how long the machine has been up and running.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More