| Port No | 60666 |
| Service Name | Win32.Multibinder |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This is a Trojan dropper. Upon execution, it drops and runs other programs which are usually backdoors and Trojan malwares. It is non-destructive and does not modify any system settings |
| Reference Link | Win32.Multibinder |
| Attack | Solution: This Trojan dropper program is written in a high-level programming language using Borland Delphi. Like most Trojan droppers and EXE binders (e.g. TROJ_JOINER.A, TROJ_MULTIDROP.A), when executed, it drops other programs, usually a backdoor and/or Trojan malware and runs them. This variant specifically uses the ZLIB compression/decompression library package, which was developed by Mark Adler for dropped files. The dropper itself is non-destructive and does not modify any system settings. However, the dropped files that are executed could be malicious and destructive to the system. This Trojan contains the following text strings: LoaderZStub inflate 1.0.4 Copyright 1995-1996 Mark Adler |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.