Home / malwarePDF  


First posted on 25 March 2014.
Source: Symantec

Aliases :

There are no other names known for Trojan.Trensil.

Explanation :

The Trojan is usually dropped by a specially crafted PDF document which exploits a vulnerability on the affected computer.

When the Trojan is executed, it creates the following files: %Temp%\000ELISEA310.TMP%UserProfile%\Templates\1A0E621SV.CAB%UserProfile%\Templates\wincex.dll%UserProfile%\Templates\wincex.dllbk
The Trojan then creates the following registry subkey:

Next, the Trojan creates a service with the following characteristics:
Service Name: WmdmPMM

The Trojan may then connect to the following remote locations:
The Trojan may then perform the following actions: Receive commands from the attacker's remote locationSend information to remote locations

Last update 25 March 2014