Win32/PSW.LdPinch [Threat Name]

Win32/PSW.LdPinch.NNK [Threat Variant Name]

Category trojan
Size 16896 B
Detection created Sep 02, 2014
Detection database version 10353
Aliases Trojan-PSW.Win32.LdPinch.doe (Kaspersky)
  Trojan:Win32/AgentBypass.gen!A (Microsoft)
  Infostealer (Symantec)
Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.


The following Registry entries are created:

  • [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    • "%malwarefilepath%" = "%malwarefilepath%:*:Enabled:%malwarefilename%"

This Registry entry creates an exception for the malware file in Windows Firewall.
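An added triage example, not part of the original description: it parses `reg query` output for the AuthorizedApplications\List key and reports entries shaped like the one above (value name equal to the path, scope `*`, state Enabled, label equal to the file name). The sample text, paths and function names are constructed for illustration, and a match is a lead for review, since legitimate software can register itself the same way.

```python
import ntpath
import re

# Constructed sample in the shape printed by `reg query` for the
# AuthorizedApplications\List key. All paths and file names are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\system32\sessmgr.exe    REG_SZ    %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Tools\sync.exe    REG_SZ    C:\Tools\sync.exe:LocalSubNet:Enabled:File Sync
    C:\Temp\upd 32.exe    REG_SZ    C:\Temp\upd 32.exe:*:Enabled:upd 32.exe
    C:\Old\agent.exe    REG_SZ    C:\Old\agent.exe:*:Disabled:agent.exe
"""

# `reg query` separates value name, type and data with four spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}REG_SZ\s{4}(?P<data>.+)$")


def parse_entry(name, data):
    """Split '<path>:<scope>:<state>:<label>' from the right, because the
    path itself contains ':' after the drive letter. Assumes a label
    without ':' characters."""
    parts = data.rsplit(":", 3)
    if len(parts) != 4:
        return None
    path, scope, state, label = parts
    return {"name": name, "path": path, "scope": scope,
            "enabled": state.lower() == "enabled", "label": label}


def matches_page_pattern(entry):
    """True for an enabled, any-address exception whose value name is the
    path and whose label is just the file name, as in the entry above."""
    return (entry["enabled"]
            and entry["scope"] == "*"
            and entry["name"].lower() == entry["path"].lower()
            and entry["label"].lower() == ntpath.basename(entry["path"]).lower())


def suspicious_entries(text):
    """Return the paths of all entries that match the pattern."""
    hits = []
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        entry = parse_entry(m.group("name"), m.group("data").rstrip())
        if entry and matches_page_pattern(entry):
            hits.append(entry["path"])
    return hits
```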

Information stealing

The trojan collects the following information:

  • volume serial number
  • computer name
  • user name

The trojan attempts to send gathered information to a remote machine.


The trojan sends the information via e-mail.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • various filesystem operations

The trojan opens some TCP ports:

  • 21
  • 2050
