Backdoor:Win32/Smadow.gen!B
First posted on 13 October 2011.
Source: SecurityHome
Aliases:
Backdoor:Win32/Smadow.gen!B is also known as Backdoor.Maxplus.13 (Dr.Web), Maxplus (other).
Explanation:
Backdoor:Win32/Smadow.gen!B is a generic detection for malware that can perform different actions, such as executing other malware. The executed malware may be detected as TrojanDropper:Win32/Sirefef.B or Trojan:Win32/Sirefef.
Installation
Some variants of this malware may be present in the Application Data directory:
%APPDATA%\<file name>.exe
The registry is modified to run the trojan at each Windows start.
In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Sets value: "AD Network"
With data: "%APPDATA%\<malware file name>.exe"
In the wild, we have observed some variants of Backdoor:Win32/Smadow.gen!B present alongside other malware, including TrojanDropper:Win32/Sirefef.B or Trojan:Win32/Sirefef. Some variants of this malware attempt to connect to the following IP addresses to download arbitrary files:
- 69.50.212.158
- 193.105.154.218
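The two indicator groups in this entry, the RunOnce persistence value and the download addresses, are simple enough to check mechanically in endpoint telemetry. The following is an added example for defenders, not code from the original entry or from any vendor tool: it takes the registry key, value name, data pattern and IP addresses exactly as listed above and runs them over a handful of constructed log lines in a made-up `REGSET` / `NETCONN` key=value format (a stand-in for whatever registry and network events your sensor actually produces). The acceptance of an expanded `...\AppData\Roaming\` path in addition to the literal `%APPDATA%` token is an assumption, since the entry only gives the unexpanded form.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Indicators quoted from the encyclopedia entry above.
RUNONCE_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
RUNONCE_VALUE_NAME = "AD Network"
KNOWN_DOWNLOAD_IPS = {"69.50.212.158", "193.105.154.218"}

# The entry gives the value data as "%APPDATA%\<malware file name>.exe".
# Telemetry often records the expanded path instead, so both the literal
# variable and an expanded ...\AppData\Roaming path are accepted (assumption).
APPDATA_EXE = re.compile(
    r'^"?(?:%APPDATA%|[a-z]:\\users\\[^\\]+\\appdata\\roaming)\\[^\\]+\.exe"?$',
    re.IGNORECASE,
)

# Constructed log format used only by this example (not a real sensor format):
#   <timestamp> REGSET key="..." name="..." data="..."
#   <timestamp> NETCONN dst=<ip> dport=<port>
EVENT_RE = re.compile(r"^(\S+)\s+(REGSET|NETCONN)\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(text: str) -> dict:
    """Turn key=value and key="quoted value" pairs into a dict."""
    return {k: (q or u) for k, q, u in FIELD_RE.findall(text)}


def registry_reason(fields: dict) -> Optional[str]:
    """Match the RunOnce persistence described in the entry: the listed key,
    the value name "AD Network", and data pointing at an .exe under %APPDATA%."""
    key = fields.get("key", "")
    name = fields.get("name", "")
    data = fields.get("data", "")
    if key.lower() != RUNONCE_KEY.lower():
        return None
    if name != RUNONCE_VALUE_NAME:
        return None
    if not APPDATA_EXE.match(data):
        return None
    return f'registry persistence: RunOnce value "{name}" -> {data}'


def network_reason(fields: dict) -> Optional[str]:
    """Match an outbound connection to one of the addresses listed in the entry."""
    dst = fields.get("dst", "")
    if dst in KNOWN_DOWNLOAD_IPS:
        return f"outbound connection to listed address {dst}"
    return None


def scan_log(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (timestamp, reason) for every line that matches an indicator."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # unknown event type, ignore
        ts, kind, rest = m.groups()
        fields = parse_fields(rest)
        reason = registry_reason(fields) if kind == "REGSET" else network_reason(fields)
        if reason:
            findings.append((ts, reason))
    return findings


# Constructed sample log: one matching RunOnce write, one connection to a
# listed address, one benign Run-key write and one benign DNS connection.
SAMPLE_LOG = [
    r'2011-10-13T10:00:01Z REGSET key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" name="AD Network" data="%APPDATA%\sample.exe"',
    r'2011-10-13T10:00:02Z NETCONN dst=69.50.212.158 dport=80',
    r'2011-10-13T10:00:03Z REGSET key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" name="Updater" data="C:\Program Files\Example\updater.exe"',
    r'2011-10-13T10:00:04Z NETCONN dst=8.8.8.8 dport=53',
]

if __name__ == "__main__":
    for ts, reason in scan_log(SAMPLE_LOG):
        print(ts, reason)
```

Both checks are deliberately narrow, matching only what the entry states; a broader rule (any `RunOnce` value whose data lives under `%APPDATA%`) would catch more variants but also legitimate installers that stage a cleanup step there, so it belongs in a triage tier rather than an alert tier.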
Analysis by Patrik Vicol
Last update 13 October 2011