ACTIVEXDEBUGGER32.EXE

File Behavior

ACTIVEXDEBUGGER32.EXE has been seen to perform the following behavior:

• Registers a Dynamic Link Library File
• Executes a Process
• Injects code into other processes
• Creates a new Background Service on the machine
• Disables safe mode on your PC
• Drops known malicious software during execution
• Disables or impairs the normal operation of the Windows Security Center
• This process creates other processes on disk
• Sends email using SMTP protocols
• Makes outbound connections to other computers using NETBIOSOUT protocols
• This Process Deletes Other Processes From Disk
• Disables the built in Windows File Protection System
• Executes Processes stored in Temporary Folders
• Writes to another Process's Virtual Memory (Process Hijacking)
• Communicates with other computers using FTP connections
• Enables an In Process Object/Server - Common with DLL Injections
• Can communicate with other computer systems using HTTP protocols
• This Process Contains User Mode Rootkit Functionality and can hide itself from the running process list
• Sends mail without telling you
• Sets processes to start during user logon
• Looks at the contents of the autoexec.bat file
• Reads email address and phone book details
• Uses DNS to retrieve the IP address for web sites
• Found on infected systems and resists interrogation by security products

ACTIVEXDEBUGGER32.EXE has been the subject of the following behavior:

• Executed as a Process
• Created as a process on disk
• Terminated as a Process
• Deleted as a process from disk
• Has code inserted into its Virtual Memory space by other programs