Event ID - 60666

Port No: 60666
Service Name: Win32.Multibinder
RFC Doc: 0
Protocol: TCP
Description: This is a Trojan dropper. Upon execution, it drops and runs other programs, which are usually backdoors and Trojan malware. It is non-destructive and does not modify any system settings.
Reference Link: Win32.Multibinder
Attack:
Solution:

This Trojan dropper is written in Borland Delphi, a high-level programming language. Like most Trojan droppers and EXE binders (e.g. TROJ_JOINER.A, TROJ_MULTIDROP.A), when executed it drops other programs, usually a backdoor and/or Trojan malware, and runs them.

This variant specifically uses the ZLIB compression/decompression library, developed by Mark Adler, for the dropped files.

The dropper itself is non-destructive and does not modify any system settings. However, the dropped files that are executed could be malicious and destructive to the system.

This Trojan contains the following text strings:

LoaderZStub
inflate 1.0.4 Copyright 1995-1996 Mark Adler
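
A triage check built on these two strings, added here as an example and not taken from the original entry. The verdict names, the helper functions and the sample buffers are assumptions constructed for the demonstration. The zlib banner alone is treated as a weak signal because it is present in any program that statically links the zlib 1.0.4 inflate code.

```python
# Added example: triage on the two strings listed in this entry.
# All sample buffers below are constructed for the demonstration.
STUB_MARKER = b"LoaderZStub"
ZLIB_MARKER = b"inflate 1.0.4 Copyright 1995-1996 Mark Adler"


def find_all(data, needle):
    """Return every offset at which needle occurs in data."""
    offsets, pos = [], data.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(needle, pos + 1)
    return offsets


def triage(data):
    """Classify a file image by which of the two markers it contains."""
    stub = find_all(data, STUB_MARKER)
    zlib_hits = find_all(data, ZLIB_MARKER)
    if stub and zlib_hits:
        # Both strings: consistent with this entry if it is an MZ executable;
        # otherwise the strings sit inside a container (archive, dump).
        verdict = "match" if data[:2] == b"MZ" else "embedded"
    elif stub:
        verdict = "stub-only"   # stub name without the zlib banner
    elif zlib_hits:
        verdict = "zlib-only"   # banner alone: any binary with zlib 1.0.4 inflate
    else:
        verdict = "clean"
    return {"verdict": verdict, "stub_offsets": stub, "zlib_offsets": zlib_hits}


def constructed(*parts, pe=True):
    """Build a fake file image: header, filler, then NUL-separated strings."""
    header = (b"MZ" + b"\x00" * 62) if pe else b"PK\x03\x04"
    return header + b"\x90" * 16 + b"\x00".join(parts)


SAMPLES = {
    "dropper-like": constructed(STUB_MARKER, ZLIB_MARKER),
    "benign-zlib": constructed(b"some tool", ZLIB_MARKER),
    "in-archive": constructed(STUB_MARKER, ZLIB_MARKER, pe=False),
    "unrelated": constructed(b"hello world"),
}

if __name__ == "__main__":
    for name, image in SAMPLES.items():
        print(name, triage(image))
```

An "embedded" verdict means the container should be unpacked and its members scanned individually.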
