Troj/Nuclear-BE is a backdoor Trojan for the Windows platform that provides unauthorized remote access to the infected computer.

When first run, Troj/Nuclear-BE copies itself to \NR\example.exe.

Troj/Nuclear-BE attempts to drop a file that is also detected as Troj/Nuclear-BE. The dropped file can take system snapshots, log keyboard input, and give access to a remote server.


Registry entries are created under:

HKCR\dllfile\shell\open\command

More information can be found at this Sophos page.