Win32/Sayunojok [Threat Name]

Win32/Sayunojok.A [Threat Variant Name]

Category: trojan
Size: 15360 B
Detection created: Sep 20, 2017
Detection database version: 16113
Aliases:
  Trojan.Win32.Agent.ifvh (Kaspersky)
  BackDoor.Siggen.59549 (Dr.Web)
  Trojan:Win32/Sayunojok.A (Microsoft)

Short description

The trojan serves as a backdoor. It can be controlled remotely. The file is run-time compressed using UPX.

Installation

The trojan does not create any copies of itself.


The trojan is probably a part of other malware.


The trojan quits immediately if any of the following folders/files is detected:

  • C:\WINDOWS\Help\cnwb.html

Other information

The trojan creates a new user account with the username:

  • synjkc$

and the password:

  • 52900523aa!@#

The trojan adds the user "synjkc$" to the following groups:

  • Administrators

The trojan opens the following URLs:

  • http://%removed%/asp/mail.asp?QQnumber=

The trojan opens TCP port 10030.


The trojan acquires data and commands from a remote computer or the Internet.


It can execute the following operations:

  • execute shell commands
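
The host-side indicators listed above (the local account, its Administrators membership, TCP port 10030 and the cnwb.html file) can be checked on a Windows host with the following triage script. It is an added example, not part of the original description or any vendor tooling. The function name Test-SayunojokIndicators is hypothetical, and "opens TCP port 10030" is assumed to mean a listening socket.

```powershell
# Added triage example. Indicator values are taken from the description above.
$AccountName = 'synjkc$'
$MarkerPath  = 'C:\WINDOWS\Help\cnwb.html'
$Port        = 10030                      # assumption: treated as a listening port
$AdminsSid   = 'S-1-5-32-544'             # built-in Administrators, independent of OS language

function Test-SayunojokIndicators {       # hypothetical helper name
    $findings = @()

    # 1. Local account. Names ending in "$" are not listed by `net user`,
    #    so the account is queried by its exact name.
    $user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
    if ($user) {
        $findings += [pscustomobject]@{ Indicator = 'Local account'
            Detail = "$($user.Name) Enabled=$($user.Enabled) SID=$($user.SID)" }
    }

    # 2. Membership in Administrators, matched on the account part of DOMAIN\name.
    try {
        $admins = Get-LocalGroupMember -SID $AdminsSid -ErrorAction Stop
        foreach ($m in $admins) {
            if (($m.Name -split '\\')[-1] -eq $AccountName) {
                $findings += [pscustomobject]@{ Indicator = 'Administrators member'; Detail = $m.Name }
            }
        }
    } catch {
        Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
    }

    # 3. Listener on the port named in the description, with its owning process.
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        $findings += [pscustomobject]@{ Indicator = "TCP listener on $Port"
            Detail = "$($l.LocalAddress) PID=$($l.OwningProcess) Process=$($proc.Name)" }
    }

    # 4. File whose presence makes the trojan quit (reported for context only).
    if (Test-Path -LiteralPath $MarkerPath) {
        $findings += [pscustomobject]@{ Indicator = 'Exit-condition file present'; Detail = $MarkerPath }
    }

    return $findings
}

$result = Test-SayunojokIndicators
if ($result) { $result | Format-Table -AutoSize -Wrap }
else { 'No indicators from this description were found on this host.' }
```

A listener on port 10030 alone is not conclusive, since other software may use that port; the account name combined with Administrators membership is the more specific indicator.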
