Backdoor:Win32/Mangzamel.A is also known as BackDoor-FBR (McAfee), Troj/Mangzam-A (Sophos), Program.SkServer.7 (Dr.Web), Troj/Rootkit.IJ (Sophos).
Explanation:
Backdoor:Win32/Mangzamel.A is a trojan console application that can be instructed to perform certain actions by an attacker with access to the affected computer.
Installation
This malware may be installed by another process or by a remote attacker with write access to the affected computer. The trojan accepts and responds to certain commands, which are passed as arguments, for example:
* -v - sends data that identifies the version of the trojan
* -t - installs the binary as a service named SEVNES
* -i - verifies that the binary was successfully installed as a service
When installed to run as a service, the registry is modified to run the malware, as in the following example:
In subkey: HKLM\System\CurrentControlSet\Services\SEVNES
Sets value: "ImagePath"
With data: "
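A triage check for the service registration described above, as an added example that is not part of the original analysis. It assumes an elevated PowerShell session on the host being examined; the helper name `Get-ImagePathExecutable` is hypothetical.

```powershell
# Added example: report on the SEVNES service key named in this entry.
$ServiceName = 'SEVNES'   # service name taken from the description above
$KeyPath     = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"

function Get-ImagePathExecutable {
    # Hypothetical helper: pull the executable path out of an ImagePath value,
    # which may be quoted, carry arguments, or use %SystemRoot%-style variables.
    param([string]$ImagePath)
    $expanded = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($expanded -match '^"([^"]+)"')           { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)')    { return $Matches[1] }
    return $expanded
}

if (Test-Path -LiteralPath $KeyPath) {
    $props = Get-ItemProperty -LiteralPath $KeyPath
    $exe   = if ($props.ImagePath) { Get-ImagePathExecutable $props.ImagePath } else { $null }

    $report = [ordered]@{
        Service    = $ServiceName
        ImagePath  = $props.ImagePath
        Start      = $props.Start   # 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
        Executable = $exe
        FileExists = $false
        SHA256     = $null
        Signature  = $null
    }

    # Hash and signature status give something to compare against vendor
    # detections and to hand to incident response along with the file.
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $report.FileExists = $true
        $report.SHA256     = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        $report.Signature  = (Get-AuthenticodeSignature -LiteralPath $exe).Status
    }

    [pscustomobject]$report
}
else {
    Write-Output "No $ServiceName service key found under HKLM\SYSTEM\CurrentControlSet\Services."
}
```

A key that exists while the file it points to is missing still indicates a past installation and is worth recording.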
Analysis by Vincent Tiu