Home / malware Trojan:Win32/Sefnit.O
First posted on 22 December 2019.
Source: MicrosoftAliases :
There are no other names known for Trojan:Win32/Sefnit.O.
Explanation :
Trojan:Win32/Sefnit.O is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer. Installation Trojan:Win32/Sefnit.O creates the following files on an affected computer:
%programfiles%qgwntawzs28pch.cpl - detected as Trojan:Win32/Sefnit.O c:documents and settingsadministratorlocal settings empk33cng2jpvu.dll - detected as Trojan:Win32/Sefnit.O c:documents and settingsadministratorlocal settings empokdo-doc-docx-to-image-converter-4.0.exe c:documents and settingsadministratorlocal settings empokdo-doc-docx-to-image-converter-4.0.log c:documents and settingsadministratorlocal settings empis-escg5.tmpokdo-doc-docx-to-image-converter-4.0.tmp c:documents and settingsadministratorlocal settings empis-lj4ql.tmp\_isetup\_regdll.tmp c:documents and settingsadministratorlocal settings empis-lj4ql.tmp\_isetup\_shfoldr.dll c:documents and settingsadministratorlocal settings emp
sdf.tmpinetc.dll
The malware modifies the following registry entries to ensure %programfiles%qgwntawzs28pch.cpl executes at each Windows start:
Adds value: "28Pch"
With data: "control.exe "c:program filesqgwntawzs28pch.cpl",0,1"
To subkey: HKCUSoftwareMicrosoftwindowscurrentversion
un Payload Contacts remote host Trojan:Win32/Sefnit.O may contact a remote host at freshversion.biz using port 80. Commonly, malware may contact a remote host for the following purposes: To report a new infection to its author To receive configuration or other data To download and execute arbitrary files (including updates or additional malware) To receive instruction from a remote attacker To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 d74ce0052089c067ab63e9884014585c20b59e7a.Last update 22 December 2019
