Associated Malware Groups
The filename is associated with the malware groups:
- System Back Door
- Cloaked Malware
- Malicious Software
File Behavior
8XCRBHO6.EXE has been seen to perform the following behavior:
- Writes to another Process's Virtual Memory (Process Hijacking)
- The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
- This process creates other processes on disk
- Executes a Process
- This process deletes other processes from disk
- Injects code into other processes
- Performs DNS lookups to resolve URL IP addresses
- Adds products to the system registry
- Automatically changes your firewall settings to allow itself or other programs to communicate over the internet
- Modifies Windows Security Policies to restrict/expand User Privileges on the machine
- Adds a Registry Key (RUN) to auto-start programs on system startup
- Can communicate with other computer systems using HTTP protocols
- Terminates Processes
- Registers a Dynamic Link Library File
- The Process is packed and/or encrypted using a software packing process
8XCRBHO6.EXE has been the subject of the following behavior:
- Created as a process on disk
- Executed as a Process
- Has code inserted into its Virtual Memory space by other programs
- Added as a Registry auto-start to load the program on boot-up
- Terminated as a Process
- Registered as a Dynamic Link Library File
- Deleted as a process from disk
Country Of Origin
The filename 8XCRBHO6.EXE was first seen on Jan 9 2010 in the following geographical regions of the Prevx community:
- The United Kingdom on Jan 9 2010
- Georgia on Jan 9 2010
- Italy on Jan 10 2010
- Turkey on Jan 10 2010
- Romania on Jan 10 2010
- Pakistan on Jan 13 2010
- Ethiopia on Jun 17 2010
- Peru on Oct 28 2010
Source: Prevx