A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #6956  by EP_X0FF
 Mon Jun 27, 2011 11:30 am
Xylitol wrote: if someone knows what that is

3/42 >> 7.1%
http://www.virustotal.com/file-scan/rep ... 1309171302
Trojan muldrop. Installs the WinpkFilter driver and drops the actual rootkit, named srenum.sys (playing on the similar name of the legitimate serenum.sys). The driver is set to autostart. Can't tell anything else right now because the test system died with the help of this rootkit installation. However, the system is still accessible through Safe Mode.

edit: srenum.sys does not work without the first driver (it communicates with it). It also drops msrun.exe into the system32 folder. Find attached. Purpose: parsing a likely config file (\\SystemRoot\\System32\\setie.txt) and starting additional processes.

Overall, this is a backdoor with driver agent components. No rootkit activity found. All malware components can be removed without using any third-party tools, including antiviruses.
Attachments
pass: malware
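The dropped driver relies on a near miss of a legitimate name (srenum.sys vs. serenum.sys) and an autostart service entry. As an added example (not code from the thread), the check below flags auto-started driver services whose image file name is one edit away from a known legitimate driver; the KNOWN_DRIVERS set and the sample service entries are constructed for this example.

```python
import os
from typing import Dict, List, Optional, Tuple

# Legitimate driver file names to compare against (assumed set for this example; extend
# for real use). serenum.sys is the Serial Port Enumerator named in the post.
KNOWN_DRIVERS = {"serenum.sys", "serial.sys", "ndis.sys", "tcpip.sys", "ntfs.sys"}

# Service Start values as stored under HKLM\SYSTEM\CurrentControlSet\Services\<name>
START_BOOT, START_SYSTEM, START_AUTO = 0, 1, 2

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertion, deletion and substitution each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(image_name: str) -> Optional[str]:
    """Return the legitimate driver name this file name is one edit away from, or None."""
    name = image_name.lower()
    if name in KNOWN_DRIVERS:
        return None  # the genuine driver itself is not suspicious
    for known in KNOWN_DRIVERS:
        if edit_distance(name, known) <= 1:
            return known
    return None

def flag_suspicious_drivers(services: List[Dict]) -> List[Tuple[str, str, str]]:
    """Return (service, image file, imitated name) for auto-started lookalike drivers.
    Each entry carries 'name', 'image_path' and 'start', as read from the Services key."""
    hits = []
    for svc in services:
        image = os.path.basename(svc["image_path"].replace("\\", "/"))
        target = lookalike_of(image)
        if target and svc["start"] in (START_BOOT, START_SYSTEM, START_AUTO):
            hits.append((svc["name"], image, target))
    return hits

# Constructed sample modelled on the thread: the genuine serenum entry, the dropped
# srenum.sys set to autostart, and an unrelated driver that must not be flagged.
SAMPLE_SERVICES = [
    {"name": "serenum", "image_path": r"\SystemRoot\system32\DRIVERS\serenum.sys", "start": 3},
    {"name": "srenum", "image_path": r"\SystemRoot\system32\drivers\srenum.sys", "start": START_AUTO},
    {"name": "ndiswan", "image_path": r"\SystemRoot\system32\DRIVERS\ndiswan.sys", "start": 3},
]
```

Running flag_suspicious_drivers(SAMPLE_SERVICES) reports only the srenum entry, paired with the serenum.sys name it imitates.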