
PWS:Win32/Sinowal.gen!M


First posted on 28 May 2009.
Source: SecurityHome

Aliases:

PWS:Win32/Sinowal.gen!M is also known as: Backdoor.Win32.Sinowal.dkc (Kaspersky), Mal/Sinowa-A (Sophos), PSW.Sinowal.S (AVG), Backdoor.Sinowal.BX (BitDefender), PWS-JA.gen.d (McAfee), Trj/Sinowal.DW (Panda), Trojan.Mebroot (Symantec).

Explanation:

PWS:Win32/Sinowal.gen!M is the generic detection for a member of the Win32/Sinowal family. It drops other malware and steals online banking and FTP credentials.

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Technical details
Upon execution, PWS:Win32/Sinowal.gen!M drops two files in the Windows Temporary Folder. These files are also detected as PWS:Win32/Sinowal.gen!M. It creates the mutex 'DD8D9E3C36AD47F8937D59F372EFF498' to ensure that only one copy of the trojan is running. It also drops the following malware:

  • PWS:Win32/Sinowal.gen!O - loaded as a service via svchost.exe with identifier {BEE686B9-4C84-4487-9D72-9F40F051E973}
  • VirTool:WinNT/Sinowal.F - rootkit driver that may contact remote systems to download other malware components

This trojan may monitor for banking information, such as login credentials to online banking accounts. It may also monitor for FTP user names and passwords. All gathered information is sent to a remote server.

Analysis by Andrei Florin Saygo

Last update 28 May 2009