Port 1111 Details
known port assignments and vulnerabilities
threat/application/port search:
Port(s) |
Protocol |
Service |
Details |
Source |
1111 |
tcp |
trojans |
Trojans that use this port:
Backdoor.AIMvision [Symantec-2002-101713-3321-99] (2002.10.17) - remote access trojan. Affects all current Windows versions.
Backdoor.Ultor [Symantec-2002-061316-4604-99] (2002.06.13) - remote access trojan. Affects Windows, listens on port 1111 or 1234.
Backdoor.Daodan - VB6 remote access trojan, 07.2000. Affects Windows.
W32.Suclove.A@mm [Symantec-2005-092612-2130-99] (2005.09.25) - a mass-mailing worm with backdoor capabilities that spreads through MS Outlook and MIRC. Opens a backdoor and listens for remote commands on port 1111/tcp.
Daodan, Tport trojans also use this port.
The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.
References: [CVE-2005-4216], [BID-15822]
Backdoor.Win32.Agent.cy / Weak Hardcoded Credentials - the malware listens on TCP port 1111, drops an executable named "Spoolsw.exe" under SysWOW64 dir that runs with SYSTEM integrity. The password "TrFsB-RuleZ" is stored in plaintext and can be easily found running strings util against the malware executable.
References: [MVID-2021-0207]
Backdoor.Win32.Jokerdoor / Remote Stack Buffer Overflow - The malware listens on TCP port 1111 and drops an randomly named executable E.g. xmutfeb.exe etc. Third party attackers who can reach an infected system can send a junk payload and trigger a classic stack buffer overflow overwriting the EBP, EIP registers and structured exception handler (SEH). When connecting you will get a "connected" server response, then we supply our payload as a parameter prefixed by "DOS" as running commands result in error.
References: [MVID-2021-0390]
Backdoor.Win32.SubSeven.c / Remote Stack Buffer Overflow - the malware listens on TCP port 1111. Third-party attackers who can reach an infected system can send a specially crafted packet prefixed with "DOS". This will trigger a classic stack buffer overflow overwriting ECX, EIP registers and structured exception handler (SEH).
References: [MVID-2022-0448]
LM Social Server (IANA official) |
SG
|
1111 |
tcp |
trojan |
Daodan, Ultors Trojan |
Trojans
|
1111 |
udp |
trojan |
Daodan |
Trojans
|
1111 |
tcp |
threat |
W32.Suclove |
Bekkoame
|
1111 |
tcp,udp |
threat |
AIMVision |
Bekkoame
|
1111 |
tcp,udp |
lmsocialserver |
LM Social Server |
IANA
|
|
6 records found
|