Backdoor.Wensal
First posted on 11 February 2015.
Source: Symantec
Aliases:
There are no other names known for Backdoor.Wensal.
Explanation:
When the Trojan is executed, it creates the following file: %Temp%\smsss.exe
Next, the Trojan creates the following registry entry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"smsss" = "%Temp%\smsss.exe"
The Trojan then connects to the following remote location:
h3.salweensoftad.org
Next, the Trojan gathers the following computer information: OS version, computer name, user name, MAC address, and system drive details.
The Trojan may then download, upload, and execute files.
Last update 11 February 2015
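A host check for the three artifacts named above (the Run value, the dropped file and the remote location), as an added example that is not part of the original write-up. It assumes user profiles sit in the default Users folder on the system drive; the function names are hypothetical.

```powershell
# Added example, not from the original write-up. Indicator values are taken from the page.
$ValueName = 'smsss'                  # Run value name
$FileName  = 'smsss.exe'              # file created in %Temp%
$C2Host    = 'h3.salweensoftad.org'   # remote location

function New-Finding($Indicator, $Location, $Detail) {
    [pscustomobject]@{ Indicator = $Indicator; Location = $Location; Detail = $Detail }
}

function Find-WensalIndicator {
    # 1. Run value in every loaded user hive. HKCU only covers the account running
    #    the script, so an elevated session would miss other logged-on users.
    foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $runKey = "Registry::$($hive.Name)\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        $prop = Get-ItemProperty -Path $runKey -Name $ValueName -ErrorAction SilentlyContinue
        if ($prop) { New-Finding 'RunValue' $runKey $prop.$ValueName }
    }

    # 2. Dropped file in each profile's Temp folder.
    #    Assumption: profiles use the default <SystemDrive>\Users\<name>\AppData\Local\Temp layout.
    $pattern = Join-Path $env:SystemDrive "Users\*\AppData\Local\Temp\$FileName"
    foreach ($file in Get-ChildItem -Path $pattern -Force -ErrorAction SilentlyContinue) {
        # Hash may be empty if the file is locked by a running process.
        $hash = (Get-FileHash -Path $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $when = $file.LastWriteTimeUtc.ToString('u')
        New-Finding 'DroppedFile' $file.FullName "SHA256=$hash modified=$when"
    }

    # 3. Resolver cache entry for the remote location. The cache is short-lived,
    #    so a hit is meaningful but an empty result proves nothing.
    if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
        foreach ($rec in Get-DnsClientCache -Entry $C2Host -ErrorAction SilentlyContinue) {
            New-Finding 'DnsCache' $rec.Entry $rec.Data
        }
    }
}

$findings = @(Find-WensalIndicator)
if ($findings.Count) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No Backdoor.Wensal indicators from this write-up were found.'
}
```

Run it elevated to read other users' Temp folders; hives of users who are not logged on are not loaded under HKEY_USERS and are not covered by the registry check.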