
TrojanDownloader:Win32/Sinowal.A


First posted on 06 July 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/Sinowal.A is also known as Backdoor.Win32.Sinowal.jly (Kaspersky), Backdoor.Sinowal.Gen.17 (VirusBuster), Downloader.Mebload.J (AVG), BDS/Sinowal.jly (Avira), Gen:Variant.Sinowal.1 (BitDefender), Trojan-Downloader.Win32.Mebroot (Ikarus), Trj/Sinowal.DW (Panda), Mal/Sinowa-A (Sophos), Trojan.Mebroot (Sunbelt Software), Trojan.Mebroot (Symantec).

Explanation :

TrojanDownloader:Win32/Sinowal.A is the downloader component of the Win32/Sinowal family. It is used to download updates to the infected computer.

Installation

TrojanDownloader:Win32/Sinowal.A may arrive in the computer as a downloaded file from a malicious website or it may be dropped by other members of the Win32/Sinowal family.

Payload

Downloads Sinowal updates

TrojanDownloader:Win32/Sinowal.A may connect to websites using various ports to download updates for members of the Win32/Sinowal family. Some of the websites it is known to connect to are:

bcplcwytwe.com via TCP port 443
mcduimqmoxk.com via TCP port 443
mjiuakrmmlc.com via TCP port 443
jefmlhjjoxk.com via TCP port 443 or 80
jefmlhjjoxk.net via TCP port 443 or 80

The downloaded file is then saved in the temporary files folder.
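The hosts and ports listed above can be checked against outbound connection logs. The following is an added example, not part of the original write-up or of any vendor tooling: the log format, the sample lines, and the choice to also match subdomains and unlisted ports (flagged separately) are assumptions made for illustration.

```python
import re

# Indicators from the list above: domain -> TCP ports named in the write-up.
SINOWAL_A_HOSTS = {
    "bcplcwytwe.com": {443},
    "mcduimqmoxk.com": {443},
    "mjiuakrmmlc.com": {443},
    "jefmlhjjoxk.com": {443, 80},
    "jefmlhjjoxk.net": {443, 80},
}

# Assumed (constructed) log format: "<timestamp> <client-ip> <dest-host>:<port>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([^\s:]+):(\d{1,5})\s*$")

def match_indicator(host):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    host = host.strip().lower().rstrip(".")  # DNS names are case-insensitive
    for domain in SINOWAL_A_HOSTS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def find_hits(lines):
    """Return (client, domain, port, port_is_listed) for each matching line."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ts, client, host, port = m.groups()
        domain = match_indicator(host)
        if domain:
            hits.append((client, domain, int(port), int(port) in SINOWAL_A_HOSTS[domain]))
    return hits

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    "2010-07-06T10:00:01Z 10.0.0.12 example.org:443",
    "2010-07-06T10:00:05Z 10.0.0.12 BCPLCWYTWE.COM.:443",
    "2010-07-06T10:02:11Z 10.0.0.31 jefmlhjjoxk.net:80",
    "2010-07-06T10:03:40Z 10.0.0.31 mcduimqmoxk.com:8080",
    "2010-07-06T10:04:00Z 10.0.0.40 notbcplcwytwe.com:443",
    "malformed line without a destination",
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

A hit on a listed domain with a port the write-up does not name is still reported, with the last field set to False, since the entry says only that "various ports" are used.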

Analysis by Elda Dimakiling

Last update 06 July 2010
