speedguide.net  

Port 1111 Details


known port assignments and vulnerabilities
Port(s) | Protocol | Service | Details | Source
1111 | tcp | trojans | Trojans that use this port:
Backdoor.AIMvision [Symantec-2002-101713-3321-99] (2002.10.17) - remote access trojan. Affects all current Windows versions.
Backdoor.Ultor [Symantec-2002-061316-4604-99] (2002.06.13) - remote access trojan. Affects Windows, listens on port 1111 or 1234.
Backdoor.Daodan - VB6 remote access trojan, 07.2000. Affects Windows.
W32.Suclove.A@mm [Symantec-2005-092612-2130-99] (2005.09.25) - a mass-mailing worm with backdoor capabilities that spreads through MS Outlook and MIRC. Opens a backdoor and listens for remote commands on port 1111/tcp.

Daodan, Tport trojans also use this port.

The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.
References: [CVE-2005-4216], [BID-15822]

Backdoor.Win32.Agent.cy / Weak Hardcoded Credentials - the malware listens on TCP port 1111 and drops an executable named "Spoolsw.exe" under the SysWOW64 directory that runs with SYSTEM integrity. The password "TrFsB-RuleZ" is stored in plaintext and can be easily found by running the strings utility against the malware executable.
References: [MVID-2021-0207]

Backdoor.Win32.Jokerdoor / Remote Stack Buffer Overflow - the malware listens on TCP port 1111 and drops a randomly named executable, e.g. xmutfeb.exe. Third-party attackers who can reach an infected system can send a junk payload and trigger a classic stack buffer overflow overwriting the EBP and EIP registers and the structured exception handler (SEH). On connection the server responds with "connected"; the payload is then supplied as a parameter prefixed by "DOS", as running commands results in an error.
References: [MVID-2021-0390]

Backdoor.Win32.SubSeven.c / Remote Stack Buffer Overflow - the malware listens on TCP port 1111. Third-party attackers who can reach an infected system can send a specially crafted packet prefixed with "DOS". This will trigger a classic stack buffer overflow overwriting the ECX and EIP registers and the structured exception handler (SEH).
References: [MVID-2022-0448]

LM Social Server (IANA official)
Source: SG
1111 | tcp | trojan | Daodan, Ultors Trojan | Trojans
1111 | udp | trojan | Daodan | Trojans
1111 | tcp | threat | W32.Suclove | Bekkoame
1111 | tcp,udp | threat | AIMVision | Bekkoame
1111 | tcp,udp | lmsocialserver | LM Social Server | IANA
6 records found