This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects Backdoor.Hikit activity on the compromised computer.
When the Trojan is executed, it may create the following files:
Next, the Trojan drops the following file, which may be a 32-bit or 64-bit driver, depending on the operating system:
Then the threat uses an untrusted certificate to load the driver.
It may also modify the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing\"Policy" = "00"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing\"Policy" = "00"
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot\Certificates\[HEXADECIMAL VALUE]\"Blob" = "[BINARY DATA]"
The back door allows a remote attacker to perform the following actions on the compromised computer:
Open connections over a SOCKS5 proxy
Download files onto the compromised computer
Upload files to a remote location
Open a command shell