BackDoor AMA
Category: Trojan Downloader
Risk: Severe Risk
* Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild. There is a high possibility of system damage or a security flaw. An attacker can gain complete control over your computer or install new software on your machine.
Description: When run, this trojan copies itself locally as "EXPLORER.EXE " in the Windows directory. It uses this file name to appear to be a vital Windows file. A space is added at the end of the file name so that it does not conflict with the real "EXPLORER.EXE", which is also found in the Windows directory. The trojan uses a standard executable-file icon, which also differentiates it from the true "EXPLORER.EXE", which uses its own specific icon.
Alias: None
Signatures:
process: backdoor-ama_1.exe: MD5 Hash: 5c01dd8aacc13923262
process: ama_1.exe: MD5 Hash: 5c01dd8aacc13923262..
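The masquerade in the description, a copy named "EXPLORER.EXE " with a trailing space, can be checked for in a file listing. The following is an added example, not part of the original entry; the protected-name set, the sample listing and the function names are assumptions constructed for illustration, and it generalizes from the trailing space to other trailing padding (tab, no-break space, period).

```python
import os

# Assumption: system binaries to guard; the entry names only EXPLORER.EXE.
PROTECTED = {"explorer.exe"}
# Trailing characters that listings rarely show. The entry describes a space;
# tab, no-break space and period are added here as a generalization.
PADDING = " \t\u00a0."


def padded_lookalikes(names, protected=PROTECTED):
    """Return (name, imitated) pairs for names that equal a protected
    name once trailing padding is removed, but are not that name itself."""
    hits = []
    for name in names:
        core = name.rstrip(PADDING).lower()
        if core in protected and name.lower() != core:
            hits.append((name, core))
    return hits


def scan_directory(path):
    """Apply the check to the entries of one directory (e.g. the Windows directory)."""
    return padded_lookalikes(os.listdir(path))


# Constructed sample listing, not taken from a real system.
SAMPLE = [
    "EXPLORER.EXE",
    "EXPLORER.EXE ",
    "notepad.exe",
    "Explorer.exe\u00a0",
    "explorer.exe.bak",
]

if __name__ == "__main__":
    for name, imitated in padded_lookalikes(SAMPLE):
        # repr() makes the otherwise invisible trailing character visible.
        print(f"suspicious: {name!r} imitates {imitated}")
```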
Copyright @2006 THR Computer Solutions: BackDoor AMA