Trojan:Win32/Simda.R
First posted on 25 February 2012.
Source: Microsoft
Aliases:
Trojan:Win32/Simda.R is also known as TR/Spy.5632.23 (Avira), Trojan.Rodricter.1 (Dr.Web), Trojan.Win32.Zapchast (Ikarus), Trojan.Win32.Zapchast.exi (Kaspersky).
Explanation:
Trojan:Win32/Simda.R is a component of Backdoor:Win32/Simda.A that is used to bypass the user account control (UAC) dialog in order to gain administrator privileges on the affected computer.
Trojan:Win32/Simda.R is a DLL file written into the %Temp% folder. The name may have the format "%Temp%\SE<random hex>.TMP". It is executed in the context of "explorer.exe" and, after it has performed its malicious routine, it is deleted.
It creates a COM Elevation Moniker object under "explorer.exe", then transfers the acquired privileges to the main injector process, Backdoor:Win32/Simda.A.
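The one host-level artifact the write-up gives is the dropped DLL's naming scheme, so a defender can triage %Temp% listings or file-creation telemetry for it. The following is an added example, not part of Microsoft's write-up; the number of hex digits in "SE<random hex>.TMP" is not stated on the page, so one or more is assumed, and the sample paths are constructed.

```python
import ntpath
import re
from typing import Iterable, List

# Naming scheme from the write-up: %Temp%\SE<random hex>.TMP.
# Hex-digit count is not given on the page; one or more is assumed.
# Windows file names are case-insensitive, so the match is too.
SIMDA_R_NAME = re.compile(r"^SE[0-9A-F]+\.TMP$", re.IGNORECASE)

def is_simda_r_candidate(path: str, temp_dir: str) -> bool:
    """True if `path` sits directly in `temp_dir` (not a subfolder) and its
    file name matches the SE<hex>.TMP scheme described for Simda.R.
    ntpath is used so Windows paths parse correctly on any host."""
    parent, name = ntpath.split(ntpath.normpath(path))
    same_dir = parent.lower() == ntpath.normpath(temp_dir).lower()
    return same_dir and SIMDA_R_NAME.match(name) is not None

def find_candidates(paths: Iterable[str], temp_dir: str) -> List[str]:
    """Filter a file listing (e.g. from dir output or file-create events)
    down to paths worth a closer look; a hit loaded into explorer.exe is the
    stronger signal, per the write-up."""
    return [p for p in paths if is_simda_r_candidate(p, temp_dir)]

# Constructed sample data, not indicators from the page.
SAMPLE_TEMP = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Local\Temp\SE1A2B3C.TMP",   # matches scheme
    r"C:\Users\alice\AppData\Local\Temp\se00ff.tmp",     # matches, lowercase
    r"C:\Users\alice\AppData\Local\Temp\SEXYZ.TMP",      # non-hex, no match
    r"C:\Users\alice\AppData\Local\Temp\sub\SE1234.TMP", # subfolder, no match
    r"C:\Windows\Temp\SE1234.TMP",                       # wrong folder
]

if __name__ == "__main__":
    for hit in find_candidates(SAMPLE_PATHS, SAMPLE_TEMP):
        print("candidate:", hit)
```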
Analysis by Mihai Calota
Last update 25 February 2012