
Backdoor.Slordu


First posted on 08 September 2014.
Source: Symantec

Aliases:

There are no other names known for Backdoor.Slordu.

Explanation:

When the Trojan is executed, it drops the following file:
[PATH TO TROJAN]/Schedsvc.dll

Next, the Trojan connects to the following IP address:
210.211.31.246

The Trojan then opens a back door on the compromised computer, allowing an attacker to perform the following actions:
Create a remote shell
Update the configuration
Traverse file systems
Download files
Create new processes
Capture screenshots
Log keystrokes

The Trojan then gathers the following information and sends it to a remote location:
Operating system name and version
Host name
User name
Captured screenshots
Logged keystrokes
Home folder path
List of installed applications

The Trojan may also steal files with the following extensions from the desktop and Documents folder:
.pdf
.doc
.docx
.ppt
.pptx

Last update 08 September 2014

 
