First posted on 14 August 2018.
There are no other names known for Backdoor:Win32/Imecab.A.
This backdoor malware is installed as %Windows%\IM\winload.exe and run as a service named "gpsrv".
It can allow an attacker to sign in to affected computers over Remote Desktop Protocol (RDP) as the user "guest", using a hardcoded password.
Analysis by Chun Feng
Last update 14 August 2018