Home / malware Virus:Win32/Slugin.A!dll
First posted on 15 February 2019.
Source: MicrosoftAliases :
Virus:Win32/Slugin.A!dll is also known as Win-Trojan/Slugin.110592, W32/Slugin.A, W32/Slugin.drop, Win32/Slugin.A, Trojan.PWS.MSNPass.75, W32/Wplugin.dll, W32/Wplugin.A.drp, Trojan.Win32.Nodef.dri, W32/Slugin-A, Trojan.Win32.Slugin.a!dll, W32.Slugin.A, PE_WPLUG.A-O.
Explanation :
Virus:Win32/Slugin.A!dll is the DLL component of Virus:Win32/Slugin.A. It contains the infection routine for the virus. Installation Virus:Win32/Slugin.A!dll may be created by Virus:Win32/Slugin.A as the following files:
wplugin.dll ws2help.dll %ProgramFiles%Messengerws2help.dll Spreads via... File infection Virus:Win32/Slugin.A!dll looks for EXE Files to infect in all fixed, removable, and remote drives. It replaces 434 bytes from the entry point of the target file with its own code. The original 434 bytes, a copy of the malicious DLL, and some other virus data are then appended to the target file. Payload Sends infection notification Virus:Win32/Slugin.A!dll sends an email message to a remote attacker containing information about the infection. The message is sent via the following mail servers: mx1.hotmail.com mx2.hotmail.com The message is sent to the address "cvmb@hotmail.com" from the address "sv003@yahoo.com". Allows limited backdoor access and control Virus:Win32/Slugin.A!dll opens port 10100 on the infected PC. This allows a malicious hacker to create web pages to perform the following actions on your PC: Upload files to and from your PC Kill services Change services settings Analysis by Jaime Wong Last update 15 February 2019