Home / malware Backdoor:Win32/Mangzamel.A
First posted on 02 November 2011.
Source: SecurityHomeAliases :
Backdoor:Win32/Mangzamel.A is also known as BackDoor-FBR (McAfee), Troj/Mangzam-A (Sophos), Program.SkServer.7 (Dr.Web), Troj/Rootkit.IJ (Sophos).
Explanation :
Backdoor:Win32/Mangzamel.A is a trojan console application that can be instructed to perform certain actions by an attacker with access to the affected computer.
Top
Backdoor:Win32/Mangzamel.A is a trojan console application that can be instructed to perform certain actions by an attacker with access to the affected computer.
Installation
This malware may be installed by another process or by a remote attacker with write access to the affected computer. The trojan accepts and responds to certain commands which are passed as arguments, for example:
- -v - sends data that identifies the version of the trojan
- -t - installs the binary as a service named SEVNES
- -i - verifies that the binary was successfully installed as a service
When installed to run as a service, the registry is modified to run the malware, as in the following example:
In subkey: HKLM\System\CurrentControlSet\Services\SEVNES
Sets value: "ImagePath"
With data: "<malware path and file name>"
Analysis by Vincent Tiu
Last update 02 November 2011
