Win32/Roseam [Threat Name] go to Threat

Win32/Roseam.B [Threat Variant Name]

Category trojan
Size 126976 B
Aliases Trojan:Win32/Roseam.B!dha (Microsoft)
  Backdoor.Psiload (Symantec)
Short description

The trojan serves as a backdoor. It can be controlled remotely.


When executed, the trojan creates the following files:

  • %appdata%\­lsm.exe (102400 B, Win32/Roseam.B)

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "lsm" = "%appdata%\­lsm.exe"
Information stealing

The trojan collects the following information:

  • computer name
  • user name
  • operating system version

The trojan can send the information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan generates various URL addresses. The UDP protocol is used in the communication.

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • execute shell commands
  • send gathered information
  • send the list of disk devices and their type to a remote computer
  • send the list of files on a specific drive to a remote computer

Please enable Javascript to ensure correct displaying of this content and refresh this page.