Class Backdoor
Platform Win32

Technical Details

This backdoor program obtains a file from the Internet and spawns it on a victim’s machine in hidden mode. Upon being run, the backdoor copies itself to Wthe indows system directory with the IESTUB32.EXE name and registers itself
in system registry in the auto-run section:


It then, depending on the current date, loads the file WELCOME.GIF from Web site, stores it in the Windows temporary directory with the UNINST32.EXE name and spawns it. The UNINST32.EXE program’s behavior is unknown and depends only on a backdoor author’s needs.

Find out the statistics of the threats spreading in your region