Trojan.Trensil
First posted on 25 March 2014.
Source: Symantec
Aliases:
There are no other names known for Trojan.Trensil.
Explanation:
The Trojan is usually dropped by a specially crafted PDF document which exploits a vulnerability on the affected computer.
When the Trojan is executed, it creates the following files:
%Temp%\000ELISEA310.TMP
%UserProfile%\Templates\1A0E621SV.CAB
%UserProfile%\Templates\wincex.dll
%UserProfile%\Templates\wincex.dllbk
The Trojan then creates the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPMM
Next, the Trojan creates a service with the following characteristics:
Service Name: WmdmPMM
The Trojan may then connect to the following remote locations:
112.185.190.193
163.30.24.5
The Trojan may then perform the following actions:
Receive commands from the attacker's remote location
Send information to remote locations
Last update 25 March 2014
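The file, registry, service and network indicators listed above can be matched against endpoint telemetry. The following is an added example, not part of the original write-up or of Symantec's tooling; the event dictionaries, their field names and the path patterns used to expand %Temp% and %UserProfile% are assumptions.

```python
import re

# Indicators copied from the write-up above.
FILE_IOCS = [r"%Temp%\000ELISEA310.TMP", r"%UserProfile%\Templates\1A0E621SV.CAB",
             r"%UserProfile%\Templates\wincex.dll", r"%UserProfile%\Templates\wincex.dllbk"]
REG_IOC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPMM"
SERVICE_IOC = "WmdmPMM"
IP_IOCS = {"112.185.190.193", "163.30.24.5"}
# Assumption: typical Windows locations the two variables expand to.
VAR_RX = {
    "%temp%": r"[a-z]:\\(?:[^\\]+\\)*temp",
    "%userprofile%": r"[a-z]:\\(?:users|documents and settings)\\[^\\]+",
}

def file_regex(ioc):
    """Turn '%Var%\\rest' into a case-insensitive regex over full paths."""
    var, rest = ioc.split("\\", 1)
    return re.compile(VAR_RX[var.lower()] + r"\\" + re.escape(rest), re.I)

FILE_RX = {ioc: file_regex(ioc) for ioc in FILE_IOCS}
# Accept the HKLM abbreviation and the numbered control sets behind CurrentControlSet.
REG_RX = re.compile(r"(?:hklm|hkey_local_machine)\\system\\(?:currentcontrolset"
                    r"|controlset\d{3})\\services\\wmdmpmm(?:\\.*)?", re.I)

def match_event(ev):
    """Return the indicator an event matches, or None."""
    kind = ev.get("type")
    if kind == "file_create":
        return next((i for i, rx in FILE_RX.items() if rx.fullmatch(ev["path"])), None)
    if kind == "registry":
        return REG_IOC if REG_RX.fullmatch(ev["key"]) else None
    if kind == "service_install":
        return SERVICE_IOC if ev["name"].lower() == SERVICE_IOC.lower() else None
    return ev["dest_ip"] if kind == "network" and ev["dest_ip"] in IP_IOCS else None

def scan(events):
    """Return (event index, matched indicator) for every hit."""
    hits = ((n, match_event(ev)) for n, ev in enumerate(events))
    return [(n, hit) for n, hit in hits if hit]

# Constructed sample events (not real telemetry); field names are hypothetical.
SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Local\Temp\000ELISEA310.TMP"},
    {"type": "file_create", "path": r"C:\Users\alice\Templates\WINCEX.DLL"},
    {"type": "file_create", "path": r"C:\Users\alice\Documents\wincex.dll"},  # wrong folder
    {"type": "registry", "key": r"HKLM\SYSTEM\ControlSet001\Services\WmdmPMM"},
    {"type": "service_install", "name": "wmdmpmm"},
    {"type": "network", "dest_ip": "163.30.24.5"},
    {"type": "network", "dest_ip": "163.30.24.50"},  # near miss, must not match
]
```

Calling `scan(SAMPLE_EVENTS)` returns the index and matched indicator for each hit; the wrong-folder file and the near-miss address are skipped.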