Backdoor.Win32.ImgDrop

Detect Date 09/13/2016
Class Backdoor
Platform Win32
Description

When launched, Backdoor.Win32.ImgDrop extracts a file from its body with a name of the format winXXX32.dll to the %system% folder, and adds the file to the list of programs that are automatically run at startup of the operating system.
The malware stores its settings in the HKLM\SOFTWARE\Microsoft\MSSMGR registry key.
The body of Backdoor.Win32.ImgDrop contains a list of web addresses for command-and-control servers, with which the malware communicates by sending GET requests to the relative address /img/cmd.php.
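
The three artefacts described above (the dropped DLL, the settings registry key and the GET request path) can be checked against data already collected from a host. The following is an added example, not part of the original entry or of any vendor tooling. It assumes that each X in winXXX32.dll stands for one arbitrary character, that %system% is C:\Windows\System32, and that proxy log lines have a "<client> <METHOD> <url> <status>" layout; all sample data is constructed.

```python
import ntpath
import re
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Indicators from the description above.
C2_PATH = "/img/cmd.php"
REG_KEY = r"hklm\software\microsoft\mssmgr"
DLL_PATTERN = "win???32.dll"  # assumption: each X is one arbitrary character
# Assumption: proxy log lines look like "<client> <METHOD> <url> <status>".
LOG_LINE = re.compile(r"^(\S+)\s+([A-Z]+)\s+(\S+)")

def c2_requests(log_lines):
    """(client, url) pairs for GET requests whose path is exactly /img/cmd.php."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and m.group(2) == "GET" and urlsplit(m.group(3)).path.lower() == C2_PATH:
            hits.append((m.group(1), m.group(3)))
    return hits

def dropped_dlls(paths, system_dir=r"C:\Windows\System32"):
    """Paths directly inside system_dir (assumed %system%) matching the name format."""
    hits = []
    for p in paths:
        folder, name = ntpath.split(p)
        if folder.lower() == system_dir.lower() and fnmatchcase(name.lower(), DLL_PATTERN):
            hits.append(p)
    return hits

def has_settings_key(key_paths):
    """True if the MSSMGR key, or a subkey of it, is in a list of registry key paths."""
    for k in key_paths:
        k = k.strip().lower().replace("hkey_local_machine", "hklm", 1)
        if k == REG_KEY or k.startswith(REG_KEY + "\\"):
            return True
    return False

# Constructed sample data (not from a real host).
SAMPLE_LOG = [
    "10.0.0.5 GET http://c2.example.test/img/cmd.php?id=1 200",
    "10.0.0.5 GET http://cdn.example.test/img/logo.png 200",
    "10.0.0.7 POST http://app.example.test/img/cmd.php 404",
    "10.0.0.9 GET http://c2.example.test/static/img/cmd.php 200",
]
SAMPLE_FILES = [r"C:\Windows\System32\winabc32.dll", r"C:\Windows\System32\wininet.dll",
                r"C:\Users\a\winabc32.dll"]
SAMPLE_KEYS = [r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR", r"HKLM\SOFTWARE\Microsoft\Windows"]

if __name__ == "__main__":
    print(c2_requests(SAMPLE_LOG), dropped_dlls(SAMPLE_FILES), has_settings_key(SAMPLE_KEYS))
```

A file name match on its own is a lead for triage; the registry key and the request path together with it give a stronger signal.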

Top 10 countries with most attacked users (% of total attacks)

Rank  Country              % of users attacked worldwide*
1     Russian Federation   20.48
2     China                10.84
3     Vietnam              9.64
4     Germany              7.23
5     India                7.23
6     France               4.82
7     Hungary              3.61
8     Ukraine              3.61
9     Austria              2.41
10    India                2.41

* Percentage among all unique Kaspersky users worldwide attacked by this malware
