| Port No | 1083 |
| Service Name | WINGATE |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This Windows executable serves as a backdoor program. Using this malware, a remote user can configure a target machine so that it is shared with full access. The following can then be done remotely on the compromised machine: Execute any program Get data or files, including password files and address books Delete important files or data |
| Reference Link | WINGATE |
| Attack | Details: This backdoor malware is a Portable Executable (PE) program that usually arrives UPX-compressed. Upon execution, it displays the following error message, which states that it is the Wingate program running under an expired license: Title: WinGate License Failure Message Body: This copy fo WinGate is unlicensed, or the license has expired. WinGate will not operate without a valid license. Consult the help file for information on licensing WinGate This backdoor program uses port 23 to facilitate its malicious routine. It has three components, namely: MMTASK.EXE SETTINGS.REG VMLOAD.VXD MMTASK.EXE is the UPX-compressed copy of the WinGate program, which is a legitimate Windows 9x/NT utility for modem-sharing across Local Area Networks. Using MMTASK, a machine may be shared with full access, making it vulnerable to hacking attacks. SETTINGS.REG is a registry file that contains the settings for sharing a target machine with full access. VMLOAD.VXD loads MMTASK.EXE, such that this backdoor runs everytime a target machine starts up. If any one of the above components is not present, this backdoor program does not execute properly. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.