Backdoor:Win32/Spentrpa.A
First posted on 10 July 2009.
Source: SecurityHome
Aliases :
Backdoor:Win32/Spentrpa.A is also known as Trojan.Win32.Inject.afeh (Kaspersky), W32/Malware.HCVD (Norman), Win32/Agent.NZZ (ESET), Generic BackDoor!dj (McAfee).
Explanation :
Win32/Spentrpa.A is a backdoor trojan that listens on a specific port for incoming commands and allows unauthorized access and control of an affected system.
Symptoms
System changes
The following system changes may indicate the presence of this malware:
The presence of the following files:
<system folder>spoolsr.exe
<system folder>wsdtc.exe
Installation
When executed, Win32/Spentrpa.A copies itself to the following locations:
<system folder>spoolsr.exe
<system folder>wsdtc.exe
It then sets spoolsr.exe to run as a service, and launches the copy <system folder>wsdtc.exe.
The trojan then deletes the original executable.
Payload
Allows remote access and control: Port 3456
Win32/Spentrpa.A allows unauthorized access and control of an affected computer. It listens on port 3456 for incoming connections from a remote attacker. Once a connection is established, the malware requests a password. If the correct password is entered, the malware spawns a command shell for the remote attacker that allows them to control the affected computer.
Analysis by Ray Roberts
Last update 10 July 2009
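A triage check built from the indicators in this entry, as an added example that is not part of the original write-up: it parses `netstat -ano` output for a TCP listener on port 3456 and maps the owning PID to an image name taken from `tasklist /fo csv /nh`. The sample outputs are constructed and the function names are hypothetical.

```python
import csv
import io

# Indicators taken from this entry.
BACKDOOR_PORT = 3456
DROPPED_NAMES = {"spoolsr.exe", "wsdtc.exe"}

# Constructed sample of `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3456           0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:49712     203.0.113.5:3456       ESTABLISHED     4100
"""

# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''\
"svchost.exe","884","Services","0","9,120 K"
"wsdtc.exe","2312","Services","0","3,044 K"
"firefox.exe","4100","Console","1","210,332 K"
'''

def listeners_on_port(netstat_text, port=BACKDOOR_PORT):
    """Return PIDs of TCP sockets in LISTENING state bound to `port`."""
    pids = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # skips the header and outbound connections to a remote 3456
        # rpartition copes with both 0.0.0.0:3456 and [::]:3456
        if fields[1].rpartition(":")[2] == str(port):
            pids.append(int(fields[4]))
    return pids

def image_names(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def triage(netstat_text, tasklist_csv):
    """Return (pid, image, verdict) for every listener on the backdoor port."""
    names = image_names(tasklist_csv)
    findings = []
    for pid in listeners_on_port(netstat_text):
        image = names.get(pid, "<unknown>")
        verdict = "dropped-file name" if image in DROPPED_NAMES else "review"
        findings.append((pid, image, verdict))
    return findings
```

A listener on 3456 owned by any other image is returned with the verdict `review`, since the port number alone does not identify this trojan.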