Home / malware PWS:Win32/Sinowal.AS
First posted on 28 July 2014.
Source: MicrosoftAliases :
There are no other names known for PWS:Win32/Sinowal.AS.
Explanation :
Threat behavior
Installation
PWS:Win32/Sinowal.AS creates the following files on your PC:
- c:\documents and settings\all users\application data\445\242140.dat
- c:\documents and settings\all users\application data\445\242390.dll
- c:\documents and settings\all users\application data\445\msseedir.dll
Payload
Contacts remote hosts
PWS:Win32/Sinowal.AS may contact the following remote hosts using port 80:
- 67.196.52.136
- biofeskayaras.info
Commonly, malware does this to:This malware description was produced and published using automated analysis of file SHA1 12bfa5fccaff7409b3595bac2ead9cf95ac9b952.Symptoms
- Confirm Internet connectivity
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
c:\documents and settings\all users\application data\445\242140.dat
c:\documents and settings\all users\application data\445\242390.dll
c:\documents and settings\all users\application data\445\msseedir.dllLast update 28 July 2014