Backdoor:Win32/Smadow.gen!B is also known as Backdoor.Maxplus.13 (Dr.Web), Maxplus (other).
Explanation:
Backdoor:Win32/Smadow.gen!B is a generic detection for malware that can perform different actions, such as executing other malware. The executed malware may be detected as TrojanDropper:Win32/Sirefef.B or Trojan:Win32/Sirefef.
Installation
Some variants of this malware may be present in the Application Data directory:
%APPDATA%\
The registry is modified to run the trojan at each Windows start.
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Sets value: "AD Network"
With data: "%APPDATA%\
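The persistence indicators above can be checked offline against a `reg export` of the RunOnce key. The following is an added example, not part of the original analysis: a small .reg parser that flags the "AD Network" value name and any RunOnce entry launching a binary from %APPDATA%. The sample export, user name and file path are constructed.

```python
import re

# Constructed sample of a "reg export" of the RunOnce key (not a real capture):
# one benign installer entry and one entry matching the Smadow indicators above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"InstallerCleanup"="C:\\Program Files\\Vendor\\cleanup.exe /quiet"
"AD Network"="C:\\Users\\alice\\AppData\\Roaming\\xyz\\svc.exe"
'''

RUNONCE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
SUSPECT_VALUE_NAME = "AD Network"      # value name used by this family (from the write-up)
APPDATA_MARKER = r"\appdata\roaming"   # %APPDATA% normally expands to ...\AppData\Roaming

def parse_reg_export(text):
    """Return (key, value_name, data) tuples for string values in a .reg export."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            # .reg files escape backslashes and quotes inside string values
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:
                name = m.group(1).replace('\\"', '"').replace("\\\\", "\\")
                data = m.group(2).replace('\\"', '"').replace("\\\\", "\\")
                entries.append((key, name, data))
    return entries

def find_smadow_indicators(text):
    """Flag RunOnce values matching this family's persistence pattern.
    Returns (value_name, data, reason) tuples for a responder to triage."""
    hits = []
    for key, name, data in parse_reg_export(text):
        if key.lower() != RUNONCE_KEY.lower():
            continue
        lowered = data.lower()
        if name == SUSPECT_VALUE_NAME:
            hits.append((name, data, "value name matches Smadow indicator"))
        elif APPDATA_MARKER in lowered or "%appdata%" in lowered:
            hits.append((name, data, "RunOnce launches a binary from %APPDATA%"))
    return hits

if __name__ == "__main__":
    for hit in find_smadow_indicators(SAMPLE_REG):
        print(hit)
```

The same function can be pointed at a live export (`reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" out.reg`) by reading the file with a UTF-16 decoder, since reg.exe writes exports in that encoding.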
In the wild, we have observed some variants of Backdoor:Win32/Smadow.gen!B present with other malware including TrojanDropper:Win32/Sirefef.B or Trojan:Win32/Sirefef. Some variants of this malware attempt to connect with the following IP addresses to download arbitrary files:
* 69.50.212.158
* 193.105.154.218
Analysis by Patrik Vicol