Home / malware Trojan.Aniralia
First posted on 11 August 2015.
Source: SymantecAliases :
There are no other names known for Trojan.Aniralia.
Explanation :
When the Trojan is executed, it creates the following files: %UserProfile%\Application Data\dmw.exe%UserProfile%\Application Data\botpc.cdr%Temp%\serpente.txt%Temp%\yGVCCghqn
Next, the Trojan creates the following registry entry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"MediaCenter" = "%UserProfile%\Application Data\dmw.exe"
The Trojan may then perform the following actions: Open a back doorLog keystrokesGather clipboard dataLast update 11 August 2015
