Home / malware
First posted on 25 March 2014.
There are no other names known for Trojan.Trensil.
The Trojan is usually dropped by a specially crafted PDF document which exploits a vulnerability on the affected computer.
When the Trojan is executed, it creates the following files: %Temp%\000ELISEA310.TMP%UserProfile%\Templates\1A0E621SV.CAB%UserProfile%\Templates\wincex.dll%UserProfile%\Templates\wincex.dllbk
The Trojan then creates the following registry subkey:
Next, the Trojan creates a service with the following characteristics:
Service Name: WmdmPMM
The Trojan may then connect to the following remote locations: 220.127.116.1118.104.22.168
The Trojan may then perform the following actions: Receive commands from the attacker's remote locationSend information to remote locations
Last update 25 March 2014