Win32/Sirefef [Threat Name]
Win32/Sirefef.DT [Threat Variant Name]
Available cleaner: Sirefef Cleaner
Category | trojan
Size | 57344 B
Aliases | Trojan.Win32.Yakes.lnl (Kaspersky), TrojanDropper:Win32/Sirefef.B (Microsoft)
Short description
The trojan serves as a backdoor. It can be controlled remotely.
Installation
The trojan does not create any copies of itself.
The trojan is usually a part of other malware.
The following Registry entries are set:
- [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- "Shell" = "%localappdata%\%variable%\X"
A string with variable content is used in place of %variable%.
The trojan creates and runs a new thread with its own program code within the following processes:
- explorer.exe
Other information
The trojan serves as a backdoor. It can be controlled remotely.
The trojan opens port 21810 and connects to its own peer-to-peer network.
The trojan contains a list of 256 IP addresses.
It can execute the following operations:
- download files from a remote computer and/or the Internet
- run executable files
- open ports
The following services are disabled:
- MsMpSvc
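As an added host-triage example, not part of the ESET entry and not ESET's code, the following PowerShell checks a Windows host for the indicators this entry lists: a per-user Winlogon "Shell" value (the Installation section), a stopped or disabled MsMpSvc service, and a listener on port 21810 owned by explorer.exe (the Other information section). Assumptions of my own: PowerShell 5.1 or later on Windows 8 / Server 2012 or newer so that Get-NetTCPConnection and Get-NetUDPEndpoint are available; the expected Shell value for a normal user session is explorer.exe; the function name and output format are invented for this example. The entry does not say whether port 21810 is TCP or UDP, so both are checked.

```powershell
# Added example for triage against the indicators in the Win32/Sirefef.DT entry.
# Not code from ESET or from the malware. Run in the context of the user being examined.
function Test-SirefefIndicators {
    $findings = @()

    # 1. Persistence: HKCU Winlogon "Shell". A standard install has no per-user Shell
    #    value (the real one lives under HKLM), so any value here, and especially one
    #    pointing into %LOCALAPPDATA% as the entry describes, is worth a look.
    $winlogon = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($shell -and $shell -ne 'explorer.exe') {
        $inLocalAppData = $shell -like "$($env:LOCALAPPDATA)*"
        $findings += "HKCU Winlogon Shell = '$shell' (expected explorer.exe or absent; under LOCALAPPDATA: $inLocalAppData)"
    }

    # 2. Defensive service: the entry says MsMpSvc (Microsoft antimalware service) is disabled.
    $svc = Get-Service -Name MsMpSvc -ErrorAction SilentlyContinue
    if ($svc -and ($svc.Status -ne 'Running' -or $svc.StartType -eq 'Disabled')) {
        $findings += "MsMpSvc status=$($svc.Status) startType=$($svc.StartType)"
    }

    # 3. Network: port 21810 in use. The entry does not state the protocol, so check both.
    #    The injected thread runs inside explorer.exe, so that owner is the expected pattern
    #    rather than a sign the finding is benign.
    $endpoints = @(Get-NetTCPConnection -LocalPort 21810 -ErrorAction SilentlyContinue) +
                 @(Get-NetUDPEndpoint   -LocalPort 21810 -ErrorAction SilentlyContinue)
    foreach ($ep in $endpoints) {
        if (-not $ep) { continue }
        $owner = Get-Process -Id $ep.OwningProcess -ErrorAction SilentlyContinue
        $name  = if ($owner) { $owner.ProcessName } else { 'unknown' }
        $findings += "Port 21810 owned by PID $($ep.OwningProcess) ($name)"
    }

    return $findings
}

$result = Test-SirefefIndicators
if ($result.Count -eq 0) {
    'No Sirefef.DT indicators from the entry were found.'
} else {
    $result | ForEach-Object { "FINDING: $_" }
}
```

A hit on any one check is a reason to image the host and run the cleaner the entry points to, not proof of infection on its own; a legitimate shell replacement, a deliberately disabled Defender service, or an unrelated application on port 21810 will each trigger one line. The registry and service checks need no elevation, while the network check may show fewer endpoints without an elevated session.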