Event ID - 55555

Port No55555
Service NameShadowPhyre
RFC Doc0
ProtocolTCP
DescriptionThis backdoor malware, written in Visual Basic 5, is a Remote Access Tool (RAT). It uses a Server program to infect a target computer and uses a client program to access and control the infected system. For its server-client connection, it uses a port number 80 TCP
Reference LinkShadowPhyre
AttackDetails:

This backdoor malware, written in Visual Basic 5, requires the Dynamic Link Library file, "MSVBVM50.DLL" on the target system. Upon execution, the server program opens a port 80 TCP, where it then waits for commands to execute from the user of the client component. The user of the client component may execute any or all but not limited to the following on the computer infected with the server program:

Shutdown/Reboot/Logoff System
Hide/Show Taskbar
Go to URL link
Execute Programs
Delete FilesPrint to printer
Send Message (with or without reply)
Send Keys
Eject/Close CD Rom Drive
Get System Information
Show a picture of a Dragon and some message
Disable Shortcuts
Set Wallpaper
Lock the Workstation

Connect using ICQ UIN


This backdoor malware also includes a port scanner, port redirector, and shutdown of the server component.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.