Class: Server-Proxy
Such programs function as a proxy server. For this reason, malicious users include them in bundles of malicious program in order to send out spam or other malicious content from the victim computer. Such programs are not malicious. If a user has installed such a program on his/her computer, or if it was installed by a system administrator, then it does not pose any threat.Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: Trojan.Win32.Small
No family descriptionExamples
01073C196549F252C17FA3536EDD53F634804953C12BB48EE8F1D5D28C2E6960
34F03CA4079F0137501075ACF00F9057
36CA6FEB9C62BCF2B51FB191FB5FDC7D
3C6BCEC8618DFB810011D37421B0CBB3
Tactics and Techniques: Mitre*
Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive. Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive. Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.