Backdoor.Sinpid
First posted on 09 May 2014.
Source: Symantec
Aliases:
There are no other names known for Backdoor.Sinpid.
Explanation:
When the Trojan is executed, it creates the following file:
%UserProfile%\Application Data\Microsoft\MMC\MMC.exe
Next, the Trojan creates the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"mmc" = "%UserProfile%\Application Data\Microsoft\MMC\mmc.exe"
The Trojan then connects to the following remote location:
[http://]cpanel.anydns.com/commo[REMOVED]
The Trojan may then perform the following actions:
Upload and download files
Create new processes
Update itself
Uninstall itself
Last update 09 May 2014
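The file path and Run value described above can be checked against the text output of `reg query` on the HKCU Run key. The following is an added example, not part of the original write-up; the function names, the AppData\Roaming variant of the path, and the sample output are assumptions constructed for illustration.

```python
import re

# Indicators from the write-up above: Run value "mmc" pointing at a copy of
# mmc.exe inside the user profile.
RUN_VALUE_NAME = "mmc"
PATH_SUFFIXES = (
    r"\application data\microsoft\mmc\mmc.exe",
    # Assumption: on Vista and later "Application Data" is a junction to
    # AppData\Roaming, so the same file can be recorded under that path.
    r"\appdata\roaming\microsoft\mmc\mmc.exe",
)
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
LINE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def executable_path(data):
    """Strip quotes and arguments from a Run command line."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)\b", data, re.IGNORECASE)
    return m.group(1) if m else data

def scan(reg_query_output):
    """Return [(name, data, verdict)] for Run values matching the indicators."""
    findings = []
    for line in reg_query_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # key header or blank line
        name, data = m["name"], m["data"]
        name_hit = name.lower() == RUN_VALUE_NAME
        path_hit = executable_path(data).lower().endswith(PATH_SUFFIXES)
        if name_hit and path_hit:
            findings.append((name, data, "match"))
        elif name_hit or path_hit:
            findings.append((name, data, "review"))
    return findings

# Constructed sample of `reg query` output (not taken from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    mmc    REG_SZ    C:\Documents and Settings\alice\Application Data\Microsoft\MMC\mmc.exe
    Console Helper    REG_SZ    "C:\Users\alice\AppData\Roaming\Microsoft\MMC\MMC.exe" -s
"""

if __name__ == "__main__":
    for name, data, verdict in scan(SAMPLE):
        print(f"{verdict:6} {name!r} -> {data}")
```

A "match" means both the value name and the path agree with the write-up; "review" means only one of them does. The legitimate mmc.exe lives under %SystemRoot%\System32, so a copy in a user profile is worth a look either way.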