Home / malwarePDF  

Backdoor:Win32/Imecab.A


First posted on 14 August 2018.
Source: Microsoft

Aliases :

There are no other names known for Backdoor:Win32/Imecab.A.

Explanation :

This backdoor malware is installed as %Windows%\IM\winload.exe and run as a service named "gpsrv".

It can allow an attacker to sign in to affected computers as user "guest" using a hardcoded password through Remote Desktop Protocol (RDP)





Analysis by Chun Feng

style="" id="preventionHead" class="threatSubContentHead

Last update 14 August 2018

 

TOP