ServHelper

ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.

Grants admin privileges

Uses net.exe to modify the user's privileges.

Blocklisted process makes network request

Modifies RDP port number used by Windows

Possible privilege escalation attempt

Sets DLL path for service in the registry

UPX packed file

Detects executables packed with UPX/modified UPX open source packer.