Trojan.Sysridge
First posted on 25 April 2015.
Source: Symantec
Aliases:
There are no other names known for Trojan.Sysridge.
Explanation:
When the Trojan is executed, it creates the following file: %Temp%\[FILE NAME]
Note: [FILE NAME] may include kapwall.exe or vmcon.exe.
Next, the Trojan creates the following registry entry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"netbridge" = "[PATH TO MALWARE]"
The Trojan then connects to the following remote locations:
www.jpaols.com
biosnews.info
The Trojan may then download, upload, or execute files.
Last update 25 April 2015
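The behaviours listed above map onto three Sysmon event types (file create, registry value set, DNS query). The following matcher is an added example, not part of the original write-up: it assumes events have already been parsed into dicts carrying Sysmon's field names, and the function names and sample events are constructed for illustration.

```python
import re

# Indicators taken from the write-up above.
RUN_TAIL = r"\software\microsoft\windows\currentversion\run\netbridge"
DROPPED_NAMES = {"kapwall.exe", "vmcon.exe"}  # page says "may include": not exhaustive
C2_DOMAINS = {"www.jpaols.com", "biosnews.info"}
# Sysmon logs HKEY_CURRENT_USER as HKU\<user SID>, so strip the hive and compare the tail.
HKCU_PREFIX = re.compile(r"^(hku\\s-1-5-21-[\d-]+|hkey_current_user|hkcu)", re.I)

def match_event(ev):
    """Return a reason string if the event matches an indicator, else None."""
    eid = ev.get("EventID")
    if eid == 13:  # registry value set
        target = ev.get("TargetObject", "")
        m = HKCU_PREFIX.match(target)
        if m and target[m.end():].lower() == RUN_TAIL:
            return "Run value 'netbridge' -> " + ev.get("Details", "?")
    elif eid == 11:  # file create
        parts = ev.get("TargetFilename", "").lower().split("\\")
        # Assumption: %Temp% resolves to a directory literally named "Temp".
        if len(parts) >= 2 and parts[-1] in DROPPED_NAMES and parts[-2] == "temp":
            return "dropped file " + ev["TargetFilename"]
    elif eid == 22:  # DNS query
        name = ev.get("QueryName", "").lower().rstrip(".")
        if any(name == d or name.endswith("." + d) for d in C2_DOMAINS):
            return "DNS lookup for " + name
    return None

def sweep(events):
    """Return (index, reason) for every matching event."""
    return [(i, r) for i, ev in enumerate(events) if (r := match_event(ev))]

# Constructed sample events (SID, user name and paths are made up).
SID = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_EVENTS = [
    {"EventID": 11, "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\kapwall.exe"},
    {"EventID": 13, "TargetObject": SID + RUN + r"\netbridge",
     "Details": r"C:\Users\alice\AppData\Local\Temp\kapwall.exe"},
    {"EventID": 22, "QueryName": "biosnews.info."},
    {"EventID": 13, "TargetObject": SID + RUN + r"\OneDrive", "Details": "benign"},
    {"EventID": 22, "QueryName": "notbiosnews.info"},         # lookalike, not a match
    {"EventID": 11, "TargetFilename": r"C:\Tools\vmcon.exe"},  # right name, not in Temp
]

if __name__ == "__main__":
    for idx, reason in sweep(SAMPLE_EVENTS):
        print(idx, reason)
```

Because the file names are given only as examples, the Run value and the two domains are the more reliable of the three checks.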