Recently, X-Sec Labs caught a new backdoor that is bundled with an image viewer called “看图王”.
After this program is installed, it launches “ktwViewer.exe” twice: one instance works normally, but the other (started with the “/check_update” argument) starts a timer that periodically connects to the C&C server to fetch remote commands.
Related MD5:
21A82150B60BD6F3F41FCE6762B79BCE
87468BA279810EEB71CBFC5B66DF29AE
X-Sec Antivirus Detection:
Cloud Engine: Cloud:Backdoor.Win32.Generic
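The behaviour above gives a defender two things to look for in process-creation telemetry: the two listed MD5 hashes, and a ktwViewer.exe instance started with the “/check_update” argument alongside a normal one from the same parent. The following is an added detection example, not X-Sec Labs' code: the pipe-delimited log format and the sample lines are constructed for the example (the hashes other than the two from the advisory are placeholders), and the field names are assumptions.

```python
"""Added detection example: flag the ktwViewer.exe launch pattern described in the
advisory in process-creation telemetry. Log format and sample lines are
constructed for this example; the two known-bad MD5 values come from the advisory."""
import ntpath
from collections import defaultdict

# MD5 hashes listed in the advisory (compared upper-cased).
KNOWN_BAD_MD5 = {
    "21A82150B60BD6F3F41FCE6762B79BCE",
    "87468BA279810EEB71CBFC5B66DF29AE",
}
SUSPECT_IMAGE = "ktwviewer.exe"   # file name from the advisory
SUSPECT_ARG = "/check_update"     # argument of the C&C-polling instance
POLLING_REASON = "ktwViewer.exe started with /check_update (C&C polling instance)"

# Constructed sample telemetry (not real logs). The format is an assumption:
# timestamp|parent_pid|image_path|command_line|md5
# Hashes other than the two advisory MD5s are placeholders.
SAMPLE_LOG = """\
2024-01-01T10:00:01|400|C:\\Program Files\\KTW\\ktwViewer.exe|"ktwViewer.exe" C:\\Users\\u\\cat.jpg|9D2AB5E6C9D7F0A3B6C4D1E2F3A4B5C6
2024-01-01T10:00:02|400|C:\\Program Files\\KTW\\ktwViewer.exe|"ktwViewer.exe" /check_update|21A82150B60BD6F3F41FCE6762B79BCE
2024-01-01T10:03:10|512|C:\\Windows\\System32\\notepad.exe|notepad.exe notes.txt|0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F0F
2024-01-01T10:07:45|733|C:\\Tools\\ktwViewer.exe|ktwViewer.exe /check_update|AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
"""


def parse_log(text):
    """Parse the constructed pipe-delimited format into event dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ppid, image, cmdline, md5 = line.split("|", 4)
        events.append({"ts": ts, "ppid": int(ppid), "image": image,
                       "cmdline": cmdline, "md5": md5.strip().upper()})
    return events


def classify(event):
    """Return the list of reasons an event is suspicious (empty if clean)."""
    reasons = []
    if event["md5"] in KNOWN_BAD_MD5:
        reasons.append("known-bad MD5")
    # ntpath handles Windows paths regardless of the analysis host's OS.
    name = ntpath.basename(event["image"]).lower()
    if name == SUSPECT_IMAGE and SUSPECT_ARG in event["cmdline"].lower():
        reasons.append(POLLING_REASON)
    return reasons


def find_double_launch(events):
    """Parent PIDs that spawned ktwViewer.exe at least twice, with both a normal
    and a /check_update instance: the launch pattern the advisory describes."""
    per_parent = defaultdict(list)
    for e in events:
        if ntpath.basename(e["image"]).lower() == SUSPECT_IMAGE:
            per_parent[e["ppid"]].append(SUSPECT_ARG in e["cmdline"].lower())
    return sorted(ppid for ppid, flags in per_parent.items()
                  if len(flags) >= 2 and any(flags) and not all(flags))


def scan(text):
    """Run both checks over a log and return the findings for triage."""
    events = parse_log(text)
    findings = [(e["ts"], reasons) for e in events if (reasons := classify(e))]
    return {"findings": findings, "double_launch_parents": find_double_launch(events)}


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for ts, reasons in result["findings"]:
        print(ts, "->", "; ".join(reasons))
    print("parents showing the double-launch pattern:", result["double_launch_parents"])
```

The hash match is the high-confidence signal but only covers the two samples listed; the command-line and double-launch checks cover the behaviour itself, so a recompiled sample with a different hash (the fourth constructed line) is still surfaced for triage.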