
Trojan.Scieron.B


First posted on 12 August 2014.
Source: Symantec

Aliases:

There are no other names known for Trojan.Scieron.B.

Explanation:

The Trojan must be downloaded and installed manually.

When the Trojan is executed, it creates the following files:
%UserProfile%\AppData\Local\Temp\hidsvc.dat
%Windir%\Drivers\hidsvc.sys
%Windir%\seclog32.dll
%System%\msoert32.dll

Next, the Trojan modifies the following file:
%System%\sysprep\CRYPTBASE.DLL

The Trojan then creates the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters\"ServiceDll" = "%Windir%\seclog32.dll"

The Trojan then connects to the following remote locations:
autohome.suroot.com
autohome.serveuser.com

The Trojan may then perform the following actions:
Listen for incoming connections
Open a command shell for the remote attacker
Allow the remote attacker to execute commands on the compromised computer
Create, list, and remove processes, files, and registry entries
Gather cached URLs and recently opened files
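A defender-side check for the behaviour described above, written as an added example that is not part of the Symantec write-up: it evaluates a constructed host snapshot (file listing, registry values, DNS names seen) against the file, registry and domain indicators listed here. It assumes the placeholder-to-path mapping in ENV and that a clean seclogon service's ServiceDll is %SystemRoot%\System32\seclogon.dll, so any other DLL in that value is flagged rather than only the name this Trojan uses.

```python
import re

# Indicators as listed in the Symantec write-up for Trojan.Scieron.B.
FILE_INDICATORS = [
    ("dropped_file", r"%UserProfile%\AppData\Local\Temp\hidsvc.dat"),
    ("dropped_file", r"%Windir%\Drivers\hidsvc.sys"),
    ("dropped_file", r"%Windir%\seclog32.dll"),
    ("dropped_file", r"%System%\msoert32.dll"),
    ("modified_file", r"%System%\sysprep\CRYPTBASE.DLL"),
]
C2_DOMAINS = {"autohome.suroot.com", "autohome.serveuser.com"}
SECLOGON_PARAMS = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters"
# Assumption: a clean seclogon service loads its DLL from System32\seclogon.dll.
EXPECTED_SERVICEDLL = r"%SystemRoot%\System32\seclogon.dll"
# Constructed environment mapping the write-up's placeholders to concrete paths.
ENV = {"windir": r"c:\windows", "systemroot": r"c:\windows",
       "system": r"c:\windows\system32", "userprofile": r"c:\users\alice"}


def expand(path, env=ENV):
    """Expand %Name% placeholders case-insensitively and lower-case for comparison."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path).lower()


def scan(snapshot, env=ENV):
    """Evaluate a snapshot {'files': [...], 'registry': {key: {name: data}}, 'dns': [...]}
    against the indicators; returns a list of (kind, indicator) tuples."""
    hits = []
    present = {p.lower() for p in snapshot.get("files", [])}
    for kind, ioc in FILE_INDICATORS:
        if expand(ioc, env) in present:
            hits.append((kind, ioc))
    # Persistence point: seclogon is redirected to seclog32.dll; flag any unexpected ServiceDll.
    dll = snapshot.get("registry", {}).get(SECLOGON_PARAMS, {}).get("ServiceDll")
    if dll and expand(dll, env) != expand(EXPECTED_SERVICEDLL, env):
        hits.append(("servicedll_hijack", dll))
    for name in snapshot.get("dns", []):
        if name.lower().rstrip(".") in C2_DOMAINS:
            hits.append(("c2_domain", name))
    return hits


# Constructed sample snapshot resembling an infected host (not real telemetry).
SAMPLE_INFECTED = {
    "files": [r"C:\Windows\Drivers\hidsvc.sys", r"C:\Windows\seclog32.dll",
              r"C:\Windows\System32\sysprep\CRYPTBASE.DLL"],
    "registry": {SECLOGON_PARAMS: {"ServiceDll": r"%Windir%\seclog32.dll"}},
    "dns": ["autohome.suroot.com", "www.example.com"],
}
```

Running scan(SAMPLE_INFECTED) reports the two dropped files present, the modified CRYPTBASE.DLL, the hijacked ServiceDll and the contacted domain; a snapshot with the expected ServiceDll and none of the paths returns an empty list.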

Last update 12 August 2014
