Win32/Syndicasec [Threat Name] go to Threat

Win32/Syndicasec.H [Threat Variant Name]

Category trojan
Size 24576 B
Detection created Feb 23, 2015
Detection database version 11222
Aliases Trojan.Win32.Cosmu.cpjx (Kaspersky)
  Trojan.Asprox.B (Symantec)
Short description

Win32/Syndicasec.H serves as a backdoor. It can be controlled remotely.

Installation

When executed, the trojan copies itself into the following location:

  • %startup%\­TPAutoConn.exe

This causes the trojan to be executed on every system start.


The trojan may create the text file:

  • %temp%\­Perfdata_2b0.js

The trojan may execute the following commands:

  • %windir%\­system32\­cscript.exe "%temp%\­Perfdata_2b0.js"
Information stealing

The trojan collects the following information:

  • MAC address
  • computer name
  • operating system version

The trojan attempts to send gathered information to a remote machine.

Other information

Win32/Syndicasec.H serves as a backdoor. It can be controlled remotely.


The trojan acquires data and commands from a remote computer or the Internet.


The performed action depends entirely on data the trojan receives from the Internet.


The trojan contains a URL address. The HTTP protocol is used in the communication.

Please enable Javascript to ensure correct displaying of this content and refresh this page.