[Malware Review] Backdoor.Hamweq.Z

The backdoor component - the malicious feature most appreciated by cybercriminals this week

Spreading technique: the backdoor takes either the form of an attachment to an e-mail message, or of a file downloaded directly onto the computer from a malicious or compromised website.

Upon execution, Backdoor.Hamweq.Z creates the directory “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1451”, where it places a copy of itself under the name “games.exe” and drops a file named “Desktop.ini”, thus making the directory appear as if it were the Recycle Bin when opened. In addition, in order to hide its malicious behavior, Backdoor.Hamweq.Z injects its code into the memory space of “explorer.exe”.

Moreover, Backdoor.Hamweq.Z creates the following registry keys:
“Taskman” in “SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon”; “Shell” in “SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon”; and “games” in “Software\Microsoft\Windows\CurrentVersion\Run”, all of them pointing to “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1451\games.exe”.
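The three persistence points above (a replaced Winlogon “Shell” value, a “Taskman” value that is absent on a clean install, and a Run entry launching from a SID-named folder under C:\RECYCLER) can be checked from a registry export. The following is an added detection example, not code from BitDefender or from this write-up; it assumes a `.reg`-style text export as input, and the export embedded below is constructed for the example.

```python
import re

# Constructed .reg-style export used as this example's input (not a capture
# from a real machine); the values mirror the persistence points described above.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\RECYCLER\\S-1-5-21-0243556031-888888379-781863308-1451\\games.exe"
"Taskman"="C:\\RECYCLER\\S-1-5-21-0243556031-888888379-781863308-1451\\games.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"games"="C:\\RECYCLER\\S-1-5-21-0243556031-888888379-781863308-1451\\games.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''

# Autostart entries living in a SID-named subfolder of C:\RECYCLER: legitimate
# software does not launch from the Recycle Bin directory.
RECYCLER_RE = re.compile(r'\\RECYCLER\\S-1-5-21(-\d+)+\\', re.IGNORECASE)
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {key_path: {value_name: data}} from a .reg export (string values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # .reg files escape backslashes and quotes; undo that for comparison.
            name, data = (s.replace('\\\\', '\\').replace('\\"', '"') for s in m.groups())
            current[name] = data
    return keys

def find_persistence(keys):
    """Flag the Winlogon and Run persistence points the write-up describes."""
    findings = []
    for path, values in keys.items():
        tail = path.lower().rsplit('\\', 1)[-1]
        if tail == 'winlogon':
            shell = values.get('Shell', 'explorer.exe')
            if shell.strip().lower() != 'explorer.exe':   # default is bare explorer.exe
                findings.append(('Winlogon\\Shell replaced', shell))
            if 'Taskman' in values:                        # not present on a clean system
                findings.append(('Winlogon\\Taskman set', values['Taskman']))
        elif tail == 'run':
            for name, data in values.items():
                if RECYCLER_RE.search(data):
                    findings.append((f'Run\\{name} points into RECYCLER', data))
    return findings

if __name__ == '__main__':
    for what, data in find_persistence(parse_reg(SAMPLE_REG)):
        print(f'{what}: {data}')
```

On a live system the same export is produced with `reg export` for the two keys, and the Shell check also catches the common variant where a legitimate “explorer.exe” is kept and a second path is appended.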

It subsequently opens a connection on port 8800 to games.freeps3[removed].biz, which would allow a remote attacker to access the backdoor component and seize control of the infected machine.

Backdoors are among the most harmful types of malware, as they give cyber-criminals full access to the user’s computer and the data stored on it, as well as the ability to manipulate it according to their own needs (for instance, to install additional software, to export locally saved documents, to manipulate online voting from various IPs, or even to launch TCP/UDP flood attacks against Internet servers). In order to stay safe and fully enjoy your Internet experience, BitDefender recommends that you install and regularly update an anti-malware suite with anti-virus, anti-spam, anti-phishing and firewall modules.

Information in this article is available courtesy of BitDefender virus researcher George Cabău.

About the author
A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.