JOANAP.C BACKDOOR, JUL 2010

The installer of Joanap.D (next entry) also actively deletes installed files named signtc.ax, signtm.ax, or signts.ax.
Searching for these file names turned up what appears to be an earlier sample, which uses one of these files, signtc.ax, for
storing data. This sample appears to belong to a series of previous backdoors somewhat related to KorDllbot – an
example SHA-256 hash is 4b6078e3fa321b16e94131e6859bfca4503bcb440e087d5ae0f9c87f1c77b421.
We have not analyzed this variant in detail.