Port 5418 Details
known port assignments and vulnerabilities
| Port(s) | Protocol | Service | Details | Source |
|---|---|---|---|---|
| 5418 | tcp | trojan | Backdoor.DarkSky.B [Symantec-2002-100311-5041-99]. Backdoor.Win32.DarkSky.23 / Remote Stack Buffer Overflow (SEH) - the malware listens on TCP port 5418. Third-party adversaries who can reach the server can send a specially crafted payload triggering a stack buffer overflow that overwrites the EDX register and the Structured Exception Handler (SEH). In order to see the typical exploit pattern of "\x41" "AAAA" we need to actually send "\x50", as there is a loop that performs an XOR converting our payload. Therefore, if we send "AAAAAAAA" we will get "PPPPPPPP"; the malware performs the XOR with the value of 11. References: [MVID-2022-0648] | SG |
| 5418 | tcp | trojan | DarkSky | Trojans |
| 5418 | tcp,udp | threat | DarkSky | Bekkoame |
| 5418 | tcp,udp | mcntp | MCNTP | IANA |
4 records found
Related ports: 5419