Malware Encyclopedia

We discovered a new modification of the Kelihos backdoor dated March 4, 2013 (MD5: 80bb0a4c115ca5309baaf4c85017869), which is still in operation after the much-publicized botnet shutdown at the RSA Conference. The new modification is able to steal passwords from Internet browsers.

The compilation date of the unpacked backdoor body is March 4, 2013.

Platform: Win32
Type: Trojan
Size: 878592 bytes
Language: C++
MD5: 1f19849a7befa7bf2e3ca04e2757829d
SHA1: 478260ca3fdbcb792a5756956838d2260121de25
Aliases: Backdoor:Win32/Kelihos.F (Microsoft), TrojanPSW.FTPAgent