A backdoor wrapped with an Image Viewer

Recently, X-Sec Labs caught a new backdoor that is wrapped in an image viewer called “看图王”.

After this program is installed, it launches “ktwViewer.exe” twice. One instance works normally, but the other one (started with the “/check_update” argument) starts a timer that periodically connects to the C&C server for remote commands.
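Detection logic for the behaviour described above, added here as an example and not part of the original X-Sec Labs post: it flags “ktwViewer.exe” instances started with “/check_update” and reports those whose outbound connections to one destination are evenly spaced, as a timer would produce. The event record layout, PIDs, addresses, the 600-second interval and the thresholds are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample telemetry (not from the original post): simplified
# process-creation and outbound-connection records, "ts" in seconds.
PROCESS_EVENTS = [
    {"pid": 4120, "image": "ktwViewer.exe", "cmdline": "ktwViewer.exe"},
    {"pid": 4188, "image": "ktwViewer.exe", "cmdline": "ktwViewer.exe /check_update"},
    {"pid": 5000, "image": "explorer.exe", "cmdline": "explorer.exe"},
]
NETWORK_EVENTS = (
    # Evenly spaced connections (constructed 600 s period, documentation IP).
    [{"pid": 4188, "dest": "203.0.113.10", "ts": t} for t in (0, 600, 1201, 1799, 2400)]
    # Irregular traffic from the same process to another constructed address.
    + [{"pid": 4188, "dest": "198.51.100.7", "ts": t} for t in (5, 40, 900, 950)]
    # Regular traffic from the instance started without the argument.
    + [{"pid": 4120, "dest": "192.0.2.5", "ts": t} for t in (10, 20, 30, 40)]
)

def flagged_pids(process_events):
    """PIDs of ktwViewer.exe instances whose command line has /check_update."""
    hits = set()
    for ev in process_events:
        is_viewer = ev["image"].lower().endswith("ktwviewer.exe")
        if is_viewer and "/check_update" in ev["cmdline"].lower().split():
            hits.add(ev["pid"])
    return hits

def beacon_candidates(process_events, network_events, min_conns=4, max_jitter=0.1):
    """Map (pid, dest) -> mean interval for flagged PIDs whose connections to
    one destination have a low spread relative to their mean gap."""
    pids = flagged_pids(process_events)
    times_by_key = {}
    for ev in network_events:
        if ev["pid"] in pids:
            times_by_key.setdefault((ev["pid"], ev["dest"]), []).append(ev["ts"])
    result = {}
    for key, times in times_by_key.items():
        if len(times) < min_conns:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: spread of the gaps relative to their mean.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            result[key] = avg
    return result
```

The thresholds `min_conns` and `max_jitter` are starting points to tune against real telemetry, since legitimate update checkers also poll on a timer.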

Related MD5:



X-Sec Antivirus Detection:

Cloud Engine: Cloud:Backdoor.Win32.Generic