Win32/Syndicasec [Threat Name]
Win32/Syndicasec.A [Threat Variant Name]
Category | trojan |
Size | 82944 B |
Aliases | Backdoor.Win32.Agent.dbrd (Kaspersky), Troj/Thetatic-D (Sophos), BackDoor.Agent.AUMI.dropper (AVG) |
Short description
The trojan serves as a backdoor. It can be controlled remotely.
Installation
When executed, the trojan creates the following files:
- %temp%\gupdate.exe
- %system%\cryptbase.dll
The trojan attempts to exploit a vulnerability in User Account Control (UAC) to run arbitrary commands with elevated privileges.
Information stealing
The trojan collects the following information:
- computer name
- user name
- network adapter information
- operating system version
- malware version
The trojan attempts to send gathered information to a remote machine.
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The action performed depends entirely on the data the trojan receives from the Internet.
The trojan contains a list of URLs. It communicates over the HTTP protocol.