
Doctor Web examines new backdoor for Windows

December 22, 2017

The Anunak backdoor family comprises a range of malicious programs capable of executing cybercriminals’ commands on an infected device. Doctor Web security specialists have examined a new member of this family. It infects 64-bit versions of Microsoft Windows and encrypts all data exchanged with its command and control (C&C) server.

The Trojan, dubbed BackDoor.Anunak.142, exchanges information with its C&C server in encrypted packets. The header of each packet and the block of data it carries are encrypted separately. This new backdoor can infect devices running 64-bit versions of Windows. There is also a 32-bit modification of this Trojan. Its number is 124.

BackDoor.Anunak.142 can perform the following actions on an infected device:

  • Download files from a specific remote server;
  • Upload files to a remote server;
  • Launch a file on an infected device;
  • Execute commands in the cmd.exe console;
  • Redirect traffic between ports;
  • Download and install its own modules.

A BackDoor.Anunak.142 signature is already in the Dr.Web virus databases; therefore, this malicious program poses no threat to our users.
