Doctor Web examines new backdoor for Windows

December 22, 2017

The Anunak backdoor family is a whole range of malicious programs capable of executing cybercriminals’ commands on an infected device. Doctor Web security specialists examined a new family representative. It infects 64-bit versions of Microsoft Windows and encrypts all data exchanged with the command and control server (C&C server).

The Trojan dubbed BackDoor.Anunak.142 exchanges information with its C&C server by generating encrypted packages. In addition, the header of each package and block of sent data are encrypted separately. This new backdoor can infect devices running on 64-bit Windows versions. There is also a 32-bit modification of this Trojan. It’s numerical order is 124.

BackDoor.Anunak.142 can perform the following actions on an infected device:

• Download files from a specific remote server;
• Upload files to a remote server;
• Launch a file on an infected device;
• Execute commands in the cmd.exe console;
• Redirect traffic between ports;
• Download and install its own modules.

A BackDoor.Anunak.142 signature is already in the Dr.Web virus databases; therefore, this malicious program poses no threat to our users.