Win32/Backzat [Threat Name] go to Threat

Win32/Backzat.Z [Threat Variant Name]

Category worm
Size 32256 B
Aliases (Kaspersky)
  Win32.Backzat.H@mm (BitDefender)
  Win32.HLLM.LoneWolf.8 (Dr.Web)
Short description

The worm has a simple payload. The file is run-time compressed using UPX .


The worm does not create any copies of itself.

Other information

The worm searches for files with the following file extensions:

  • *.*

Only following folders are searched:

  • C:\­

When the worm finds a file matching the search criteria, it overwrites its content.

The worm writes the following entries to the file:

  • L0NEw0lf Was Here...

Please enable Javascript to ensure correct displaying of this content and refresh this page.