Trojan:Win32/Sefnit.E
First posted on 08 October 2010.
Source: SecurityHome
Aliases :
Trojan:Win32/Sefnit.E is also known as Trojan.ADH (Symantec).
Explanation :
Trojan:Win32/Sefnit.E is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Installation
Trojan:Win32/Sefnit.E creates the following files on an affected computer:
- %programfiles%\common files\folder\folderoptions.dll
- c:\documents and settings\administrator\local settings\temp\dbf-viewer-2000-3.25.1.exe
- c:\documents and settings\administrator\local settings\temp\dbf-viewer-2000-3.25.1.log
- c:\documents and settings\administrator\local settings\temp\windll.dll
- c:\documents and settings\administrator\local settings\temp\nsh11.tmp\installoptions.dll
- c:\documents and settings\administrator\local settings\temp\nsh11.tmp\ioc.ini
- c:\documents and settings\administrator\local settings\temp\nsh11.tmp\iospecial.ini
- c:\documents and settings\administrator\local settings\temp\nsh11.tmp\modern-wizard.bmp
- c:\documents and settings\administrator\local settings\temp\nsrf.tmp\nsisdl.dll
Payload
Contacts remote host
Trojan:Win32/Sefnit.E may contact a remote host at torrentsfiles.net using port 80. Commonly, malware may contact a remote host for the following purposes:
- To report a new infection to its author
- To receive configuration or other data
- To download and execute arbitrary files (including updates or additional malware)
- To receive instruction from a remote attacker
- To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 00f465d3ffa89bb28287fcbbd92014d184c50f4c.
Last update 08 October 2010