Malware

Gazavat

Gazavat (which is often tagged as Expiro by AV vendors) is a multi-functional backdoor that has code overlaps with the POS malware DMSniff. Functionality includes:

  • Loading other executables
  • Load hash cracking plugin
  • Load DMSniff plugin
  • Perform webinjection and webfakes
  • Form grabbing
  • Command execution
  • Download file from infected system
  • Convert infection into proxy
  • DDoS
  • Spreading and EXE infecting

Family metadata imported from Malpedia (Fraunhofer FKIE).