W32/Sincom!tr
Analysis
- Trojan is 32-bit with a compressed file size of 7712 bytes
- Trojan may have been installed by W32/DL.3072-net, downloaded from the Internet and copied to the local system as "sproc32.exe"
- The registry may be altered to load the Trojan at Windows startup:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
  Sproc32 = %Windows%\sproc32.exe
- At next Windows restart, the Trojan may log keystrokes into a file "c:\xf3e.tmp"
- The Trojan may connect to the Internet and send data to hard-coded email addresses:
  testaddr23@hotbox.ru
  testaddr23@mail15.com
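
For offline triage, the host indicators above can be checked against a `reg export` dump and a file listing. This is an added example, not part of the original write-up: the function names and sample data are constructed, and the WOW6432Node key is an assumption covering 32-bit registry redirection on 64-bit Windows.

```python
import re

# Indicators from the write-up. The WOW6432Node path is not on the page: it is
# where 64-bit Windows redirects HKLM\Software writes made by 32-bit code.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run",
}
VALUE_NAME = "sproc32"
KEYLOG_PATH = r"c:\xf3e.tmp"
# File name as a whole path component, whatever directory it sits in.
IMAGE_RE = re.compile(r'(?:^|[\\/"])sproc32\.exe(?:$|["\s])', re.I)
# A string value line in a .reg export: "Name"="Data"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg exports escape backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def find_run_entries(reg_text):
    """Return (key, name, data) for Run values matching the indicators."""
    hits, key = [], None
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header: remember the current key
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() not in RUN_KEYS:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if name.lower() == VALUE_NAME or IMAGE_RE.search(data):
            hits.append((key, name, data))
    return hits

def find_keylog(paths):
    """Return paths equal to the keystroke log location, ignoring case."""
    return [p for p in paths if p.replace("/", "\\").lower() == KEYLOG_PATH]

# Constructed sample export (real exports are UTF-16; decode before use).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Sproc32"="C:\\WINDOWS\\sproc32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Temp\\SPROC32.EXE\" /s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
"LastRun"="C:\\Temp\\sproc32.exe"
'''
if __name__ == "__main__":
    print(find_run_entries(SAMPLE_REG), find_keylog([r"C:\XF3E.TMP"]))
```

The match on the executable name alone catches a renamed Run value, and entries outside the two autorun keys are ignored.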