A backdoor wrapped with an Image Viewer

Recently, X-Sec Labs caught a new backdoor that is wrapped inside an image viewer called “看图王”.

After this program is installed, it launches “ktwViewer.exe” twice. One instance works as a normal image viewer; the other (started with the “/check_update” argument) starts a timer that periodically connects to the C&C server to fetch remote commands.

Related MD5:

21A82150B60BD6F3F41FCE6762B79BCE

87468BA279810EEB71CBFC5B66DF29AE

X-Sec Antivirus Detection:

Cloud Engine: Cloud:Backdoor.Win32.Generic
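As an added example, not code from X-Sec Labs' write-up, the following Python flags process-creation events that match the behaviour and indicators described above: ktwViewer.exe started with the /check_update argument, or a file whose MD5 is one of the two related hashes. Field names follow the Sysmon Event ID 1 convention (Image, CommandLine, Hashes) and the sample events are constructed for the example.

```python
from typing import Iterable, List, Optional, Tuple

# Indicators named in the write-up: the viewer binary, the argument that
# marks the backdoor instance, and the two related MD5 hashes.
VIEWER_IMAGE = "ktwviewer.exe"
BACKDOOR_ARG = "/check_update"
RELATED_MD5 = {
    "21A82150B60BD6F3F41FCE6762B79BCE",
    "87468BA279810EEB71CBFC5B66DF29AE",
}


def classify_event(event: dict) -> Optional[str]:
    """Return a finding label for one process-creation event, or None.

    Image name and argument are matched case-insensitively; the MD5 is
    pulled out of a Sysmon-style "Hashes" field ("MD5=...,SHA256=...").
    """
    image = event.get("Image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
    md5 = ""
    for part in event.get("Hashes", "").split(","):
        if part.upper().startswith("MD5="):
            md5 = part.split("=", 1)[1].strip().upper()
    if md5 in RELATED_MD5:
        return "known-sample-hash"
    # The argument alone is not enough: it must be the viewer binary.
    if image == VIEWER_IMAGE and BACKDOOR_ARG in event.get("CommandLine", "").lower():
        return "viewer-check-update-instance"
    return None


def scan(events: Iterable[dict]) -> List[Tuple[int, str]]:
    """Return (event index, label) for every event that matches an indicator."""
    return [(i, lbl) for i, ev in enumerate(events) if (lbl := classify_event(ev))]


# Constructed sample events (not real telemetry); the non-related hashes are made up.
SAMPLE_EVENTS = [
    {"Image": "C:\\Program Files\\KTW\\ktwViewer.exe",
     "CommandLine": "\"C:\\Program Files\\KTW\\ktwViewer.exe\"",
     "Hashes": "MD5=0123456789ABCDEF0123456789ABCDEF"},  # normal viewer instance
    {"Image": "C:\\Program Files\\KTW\\ktwViewer.exe",
     "CommandLine": "\"C:\\Program Files\\KTW\\ktwViewer.exe\" /check_update",
     "Hashes": "MD5=0123456789ABCDEF0123456789ABCDEF"},  # backdoor instance
    {"Image": "C:\\Users\\u\\Downloads\\setup.exe",
     "CommandLine": "setup.exe",
     "Hashes": "MD5=87468BA279810EEB71CBFC5B66DF29AE"},  # related sample hash
    {"Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe /check_update",
     "Hashes": "MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"},  # argument on another binary: ignored
]

if __name__ == "__main__":
    for idx, label in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {label}")
```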