First posted on 14 August 2018.
Source: Microsoft

Aliases:

There are no other names known for Backdoor:Win32/Imecab.A.

Explanation:

This backdoor malware is installed as %Windows%\IM\winload.exe and run as a service named "gpsrv".

It can allow an attacker to sign in to affected computers as the user "guest", using a hardcoded password, through Remote Desktop Protocol (RDP).
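
A host triage check for the artifacts named above, given as an added example and not as Microsoft's detection logic. The file path and service name come from this description; the Guest-account and RDP-setting checks are assumptions about what the described sign-in would require, and the variable names are illustrative.

```powershell
# Added example: local triage for the artifacts in this description.
# Run in an elevated Windows PowerShell 5.1+ session on the suspect host.
$findings = [ordered]@{}

# 1. Dropped file: %Windows%\IM\winload.exe (path taken from the description).
$path = Join-Path $env:windir 'IM\winload.exe'
$findings.FilePresent = Test-Path -LiteralPath $path -PathType Leaf
if ($findings.FilePresent) {
    # Record the hash so the sample can be compared or submitted later.
    $findings.FileSha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
}

# 2. Service named "gpsrv" (name taken from the description).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='gpsrv'"
$findings.ServicePresent = [bool]$svc
if ($svc) {
    $findings.ServiceBinary = $svc.PathName
    $findings.ServiceState  = $svc.State
    $findings.ServiceStart  = $svc.StartMode
}

# 3. Assumption: a "guest" sign-in needs the built-in Guest account enabled.
#    Match on RID 501 so a renamed or localized account is still found.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
$findings.GuestEnabled = [bool]($guest -and $guest.Enabled)

# 4. Assumption: RDP must be accepting connections (fDenyTSConnections = 0).
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections -ErrorAction SilentlyContinue
$findings.RdpEnabled = [bool]($ts -and $ts.fDenyTSConnections -eq 0)

# Items 1 and 2 are the indicators from the description; 3 and 4 only add context.
$findings.IndicatorHit = $findings.FilePresent -or $findings.ServicePresent
[pscustomobject]$findings
```

An enabled Guest account or enabled RDP alone is not evidence of this backdoor; treat them as context when the file or service indicator is present.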

Analysis by Chun Feng

Last update 14 August 2018