SecurityHome.eu Trojan:Win32/Simda.R

Home / malware PDF

Trojan:Win32/Simda.R

First posted on 25 February 2012.
Source: Microsoft
Aliases :
Trojan:Win32/Simda.R is also known as TR/Spy.5632.23 (Avira), Trojan.Rodricter.1 (Dr.Web), Trojan.Win32.Zapchast (Ikarus), Trojan.Win32.Zapchast.exi (Kaspersky).
Explanation :
Trojan:Win32/Simda.R is a component of Backdoor:Win32/Simda.A that is used to bypass the user account control (UAC) dialog in order to gain administrator privileges on the affected computer.

Top

Trojan:Win32/Simda.R is a component of Backdoor:Win32/Simda.A that is used to bypass the user account control (UAC) dialog in order to gain administrator privileges on the affected computer.

Trojan:Win32/Simda.R is a DLL file written into the %Temp% folder. The name may have the format "%Temp%\SE<random hex>.TMP". It is executed in the context of "explorer.exe", then after has performed its malicious routine, it is deleted.

It successfully creates a COM Elevation Moniker object under "explorer.exe", then transfers the acquired priviledges to the main injector process, Backdoor:Win32/Simda.A.

Analysis by Mihai Calota

Last update 25 February 2012

TOP

Malware :

Last 20

Trojan:Win32/Simda.R

Aliases :

Explanation :

Malware :

Family: