Backdoor:Win32/Glacid.A
First posted on 29 May 2012.
Source: Microsoft
Aliases:
Backdoor:Win32/Glacid.A is also known as BackDoor.Generic15.AVRW (AVG), Trojan.Generic.KDV.620607 (BitDefender), Backdoor.Win32.Agent.ciua (Kaspersky), Trojan.Pasam (Symantec).
Explanation:
Backdoor:Win32/Glacid.A is a trojan that allows unauthorized access and control of your computer. It could connect to a command and control (C&C) server to receive commands to perform certain payloads, such as remote file execution, data theft and downloading other malware.
Installation
Backdoor:Win32/Glacid.A is installed by other malware, such as TrojanDropper:Win32/Glacid.A, and may be present with other malware such as the following:
- <system folder>\iglicd64.dll - Trojan:Win32/Glacid.A
- <system folder>\msjtea40.dll - Backdoor:Win32/Glacid.A
- <system folder>\samsrv.dll - Virus:Win32/Glacid.A
Note: <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
Payload
Communicates with a remote server
This trojan attempts to connect to a C&C server named "updating.vicp.cc" using TCP port 443. The server sends instructions to the backdoor trojan to perform any of the following payloads:
- Execute a specified application
- Delete a file
- Kill process by its process ID (PID)
- Enumerate processes
- Upload a file from the affected computer to the C&C server
- Terminate connection
- Get disk drive information
- Locate file
- Download a file to affected computer
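The file names in the Installation section and the C&C host and port in the Payload section are the indicators a defender can act on. The following is an added example, not part of Microsoft's analysis, that matches those indicators offline: it parses constructed key=value connection log lines (the log format and the sample lines are made up for this example) for traffic to updating.vicp.cc, and classifies file paths under the Windows System folder against the three listed names. Because samsrv.dll is also a legitimate Windows component and the write-up classifies it as Virus:Win32/Glacid.A (an infected copy of an existing file), the example treats that name as needing an integrity check rather than a presence match.

```python
"""Offline indicator matching for the Backdoor:Win32/Glacid.A write-up.

Added example, not Microsoft's code. Only the C&C host, port and file
names from the write-up are used; the log format and all sample input
below are constructed for this example.
"""
import re
from pathlib import PureWindowsPath

# Indicators taken from the write-up.
C2_HOST = "updating.vicp.cc"
C2_PORT = 443

# Non-standard file names whose presence in the System folder is a finding.
GLACID_FILES = {
    "iglicd64.dll": "Trojan:Win32/Glacid.A",
    "msjtea40.dll": "Backdoor:Win32/Glacid.A",
}
# samsrv.dll is a legitimate Windows DLL; the write-up lists it as a
# Virus: classification, i.e. an infected copy. Presence alone proves
# nothing, so it is reported for an integrity check (signature / known-good
# hash) instead of as a match.
INTEGRITY_CHECK_FILES = {"samsrv.dll": "Virus:Win32/Glacid.A"}

# Default System folders named in the write-up (2000/NT and XP/Vista/7).
SYSTEM_FOLDERS = {"c:\\windows\\system32", "c:\\winnt\\system32"}

_KV = re.compile(r"(\w+)=(\S+)")


def parse_kv_line(line):
    """Parse a constructed 'key=value key=value ...' firewall/proxy log line."""
    return dict(_KV.findall(line))


def match_c2_connections(lines):
    """Return one record per log line whose destination is the C&C host.

    Blocked (action=deny) attempts are kept: a beaconing attempt indicates an
    infected host whether or not the perimeter let it through. The record
    notes whether the port matches the documented TCP 443.
    """
    hits = []
    for line in lines:
        f = parse_kv_line(line)
        dst = f.get("dst", "").lower().rstrip(".")  # tolerate case and trailing dot
        if dst != C2_HOST:
            continue
        documented = (f.get("dport") == str(C2_PORT)
                      and f.get("proto", "tcp").lower() == "tcp")
        hits.append({
            "ts": f.get("ts"),
            "src": f.get("src"),
            "dport": f.get("dport"),
            "action": f.get("action"),
            "documented_c2_port": documented,
        })
    return hits


def classify_system_file(path):
    """Classify a Windows file path against the write-up's file names.

    Returns ("match", family), ("integrity_check", family), or None for a
    path that is not in a System folder or not one of the listed names.
    """
    p = PureWindowsPath(path)
    if str(p.parent).lower() not in SYSTEM_FOLDERS:
        return None
    name = p.name.lower()
    if name in GLACID_FILES:
        return ("match", GLACID_FILES[name])
    if name in INTEGRITY_CHECK_FILES:
        return ("integrity_check", INTEGRITY_CHECK_FILES[name])
    return None


# Constructed sample input (not real traffic or a real host's file listing).
SAMPLE_LOG = [
    "ts=2012-05-29T10:00:00Z src=10.0.0.5 dst=updating.vicp.cc dport=443 proto=tcp action=allow",
    "ts=2012-05-29T10:00:02Z src=10.0.0.5 dst=www.example.com dport=443 proto=tcp action=allow",
    "ts=2012-05-29T10:01:10Z src=10.0.0.9 dst=UPDATING.VICP.CC. dport=443 proto=tcp action=deny",
    "ts=2012-05-29T10:02:00Z src=10.0.0.9 dst=updating.vicp.cc dport=80 proto=tcp action=allow",
]
SAMPLE_FILES = [
    r"C:\Windows\System32\msjtea40.dll",
    r"C:\Winnt\System32\iglicd64.dll",
    r"C:\Windows\System32\samsrv.dll",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Users\alice\msjtea40.dll",
]

if __name__ == "__main__":
    for hit in match_c2_connections(SAMPLE_LOG):
        print("C2 traffic:", hit)
    for path in SAMPLE_FILES:
        print(path, "->", classify_system_file(path))
```

On the constructed input the scanner reports three connections to the C&C host (two on the documented port, one of them blocked, and one on port 80 flagged as an undocumented port), two file matches, one integrity-check candidate for samsrv.dll, and nothing for kernel32.dll or for a copy of msjtea40.dll outside the System folder.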
Analysis by Vincent Tiu
Last update 29 May 2012