Win32/Syndicasec [Threat Name]

Win32/Syndicasec.A [Threat Variant Name]

Category: trojan
Size: 82944 B
Detection created: Mar 25, 2013
Detection database version: 8159
Aliases:
  Backdoor.Win32.Agent.dbrd (Kaspersky)
  Troj/Thetatic-D (Sophos)
  BackDoor.Agent.AUMI.dropper (AVG)

Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

When executed, the trojan creates the following files:

  • %temp%\gupdate.exe
  • %system%\cryptbase.dll

The trojan attempts to exploit a vulnerability in User Account Control (UAC) to run arbitrary commands with elevated privileges.

Information stealing

The trojan collects the following information:

  • computer name
  • user name
  • network adapter information
  • operating system version
  • malware version

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The performed action depends entirely on data the trojan receives from the Internet.

The trojan contains a list of URLs. The HTTP protocol is used in the communication.
