Win32/Chinoxy [Threat Name]

Win32/Chinoxy.M [Threat Variant Name]

Category trojan
Size 212992 B
Detection created Feb 01, 2016
Signature database version 12958

Short description

Win32/Chinoxy.M serves as a backdoor. It can be controlled remotely.

Installation

The trojan is usually a part of other malware.


The trojan does not create any copies of itself.

Information stealing

The trojan collects the following information:

  • user name
  • computer name
  • information about the operating system and system settings
  • CPU information
  • external IP address of the network device
  • memory status
  • list of running processes
  • list of files/folders on a specific drive
  • webcam video/voice
  • data from the clipboard

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The malware configuration is passed as command-line parameters or read from a file when the malware executable is launched.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • start/stop services
  • terminate running processes
  • execute shell commands
  • log keystrokes
  • send files to a remote computer
  • watch the user's screen content
  • create files
  • delete files
  • upload file list
  • create Registry entries
  • delete Registry entries
  • shut down/restart the computer
  • log off the current user
  • capture webcam video/voice
  • play sound/video
  • simulate user's input (clicks, taps)
  • set clipboard data
  • perform DoS/DDoS attacks
  • change the proxy server settings
  • uninstall itself

The trojan may create the following files in the %windir%\tasks\ folder:

  • k.ini
  • fasdw.bat
  • infokey.dat
  • img%variable%.z

A string with variable content is used instead of %variable%.
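
A triage check for the file names listed above, as an added example that is not part of the original description or the vendor's tooling. The function names, the sample listing and the decision to accept any string for %variable% are assumptions made for illustration.

```python
import os
import re
from pathlib import Path

# File names this page lists for Win32/Chinoxy.M under %windir%\tasks\.
FIXED_NAMES = {"k.ini", "fasdw.bat", "infokey.dat"}
# img%variable%.z: the page does not define the variable part, so any string
# (including an empty one) is accepted. That breadth is an assumption.
VARIABLE_NAME = re.compile(r"img.*\.z", re.IGNORECASE)


def match_indicator(name):
    """Return the listed indicator a file name matches, or None."""
    lowered = name.lower()  # Windows file names compare case-insensitively
    if lowered in FIXED_NAMES:
        return lowered
    if VARIABLE_NAME.fullmatch(name):
        return "img%variable%.z"
    return None


def scan_names(names):
    """Return (file name, indicator) pairs for every matching name, in order."""
    hits = []
    for name in names:
        indicator = match_indicator(name)
        if indicator is not None:
            hits.append((name, indicator))
    return hits


def scan_tasks_folder(windir=None):
    """Check the live %windir%\\Tasks folder; returns [] if it is unreadable."""
    root = windir or os.environ.get("WINDIR", r"C:\Windows")
    folder = Path(root) / "Tasks"
    try:
        return scan_names(p.name for p in folder.iterdir() if p.is_file())
    except OSError:
        return []


# Constructed sample listing (not taken from a real host).
SAMPLE_LISTING = ["At1.job", "K.INI", "fasdw.bat", "img7f3a.z", "image.zip", "notes.dat"]

if __name__ == "__main__":
    for name, indicator in scan_names(SAMPLE_LISTING):
        print(f"sample match: {name} -> {indicator}")
    for name, indicator in scan_tasks_folder():
        print(f"live match: {name} -> {indicator}")
```

A name match is a lead for triage rather than confirmation, since the same folder also holds legitimate scheduled-task files.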
