Svdhost.exe [solved]

miekiemoes
edited June 2008 in Sample submission

Attached svdhost.exe


This file is/was running from the system32 folder.


Appears to be Armadillo packed.


Since I don't have the resources to properly unpack it... I would love to have more info about this file.


Thanks.


Attachment: svdhost.zip

Comments

  • Thank you for the sample. It will be detected as Backdoor.Sdbot.WU as of the next update. It is a typical IRC bot, loaded with many exploits and functionality (DDoS, starting / deleting services, disabling security measures, etc).


    Best regards.