
Trojan:Win32/Sakurel.A


First posted on 19 February 2014.
Source: Microsoft

Aliases:

There are no other names known for Trojan:Win32/Sakurel.A.

Explanation:

Threat behavior

Installation

Trojan:Win32/Sakurel.A copies itself to c:\documents and settings\administrator\local settings\temp\micromedia\mediacenter.exe. The malware changes the following registry entries so that it runs each time you start your PC:

In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "MICROMEDIA"
With data: "c:\documents and settings\administrator\local settings\temp\micromedia\mediacenter.exe"

The malware creates the following files on your PC:

  • c:\documents and settings\administrator\local settings\temp\micromedia\microsoftsecuritylogin.ocx


Payload

Changes Hosts file

Trojan:Win32/Sakurel.A changes the Windows Hosts file. Malware sometimes does this to redirect URLs to different IP addresses, often to stop you from accessing security-related websites.
This malware description was produced and published using automated analysis of file SHA1 a2a9592fb2661b63a873dab5c5d301e7e540921d.

Symptoms

System changes

The following could indicate that you have this threat on your PC:

  • You have these files:

    c:\documents and settings\administrator\local settings\temp\micromedia\mediacenter.exe
    c:\documents and settings\administrator\local settings\temp\micromedia\microsoftsecuritylogin.ocx
  • You see these entries or keys in your registry:

    Sets value: "MICROMEDIA"
    With data: "c:\documents and settings\administrator\local settings\temp\micromedia\mediacenter.exe"
    In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Last update 19 February 2014

 
