Event ID - 666

Port No: 666
Service Name: ShadowPhyre
RFC Doc: 0
Protocol: TCP
Description: This backdoor malware, written in Visual Basic 5, is a Remote Access Tool (RAT). It uses a server program to infect a target computer and a client program to access and control the infected system. For its server-client connection, it uses port 80 TCP.
Reference Link: ShadowPhyre
Attack Details:

This backdoor malware, written in Visual Basic 5, requires the Dynamic Link Library file "MSVBVM50.DLL" on the target system. Upon execution, the server program opens port 80 TCP and waits for commands from the user of the client component. The client user can perform any of the following actions, among others, on the computer infected with the server program:

Shutdown/Reboot/Logoff System
Hide/Show Taskbar
Go to URL link
Execute Programs
Delete Files
Print to printer
Send Message (with or without reply)
Send Keys
Eject/Close CD-ROM Drive
Get System Information
Show a picture of a Dragon and some message
Disable Shortcuts
Set Wallpaper
Lock the Workstation
Connect using ICQ UIN

This backdoor malware also includes a port scanner, a port redirector, and a command to shut down the server component.
