Win32/Sirefef [Threat Name] go to Threat

Win32/Sirefef.DT [Threat Variant Name]

Available cleaner [Download Sirefef Cleaner ]

Category trojan
Size 57344 B
Detection created Dec 02, 2011
Signature database version 6678
Aliases Trojan.Win32.Yakes.lnl (Kaspersky)
  TrojanDropper:Win32/Sirefef.B (Microsoft)
Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.


The trojan is usually a part of other malware.


The following Registry entries are set:

  • [HKEY_CURRENT_USER\­\­Software\­Microsoft\­Windows NT\­CurrentVersion\­Winlogon]
    • "Shell" = "%localappdata%\­%variable%\­X"

A string with variable content is used instead of %variable% .


The trojan creates and runs a new thread with its own program code within the following processes:

  • explorer.exe
Other information

The trojan serves as a backdoor. It can be controlled remotely.


The trojan opens 21810 port and connects to own peer-to-peer network.


The trojan contains a list of (256) IP addresses.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • open ports

The following services are disabled:

  • MsMpSvc

Please enable Javascript to ensure correct displaying of this content and refresh this page.