Virus:Win32/Slugin.A tries to create the file "Wplugin.dll" in one of your computer's Application Data folders. It may also create a file named "explorer.exe.local" in the Windows folder.
It sends an email to the following addresses to notify them that your PC has been infected:
It also creates the file "%LOCALAPPDATA%\Microsoft\Explorer\Win32Cfg.cfg", which contains virus configuration details.
The virus infects all .EXE and .DLL files on all available drives, including removable drives.
It may display the following message box if it tries to infect a file in, for example, drive A:
Creates other malware
Virus:Win32/Slugin.A creates the following .DLL components in your computer:
These files are detected as Virus:Win32/Slugin.A!dll.
Allows backdoor access and control
The virus opens multiple TCP ports between 10100 and 10300 to listen for commands from a remote attacker. These commands include, but are not limited to, the following:
- Uploading and downloading files
- Starting or stopping system services
- Sending spam messages
Your computer may display the following message box, as this virus tries to allow a remote attacker to connect and listen in on your computer:
Steals PC information
The virus can send an email to the address "firstname.lastname@example.org", containing information about your PC, such as your network configuration. The email is sent from the address "email@example.com" and has the subject "workshop".
Analysis by Patrik Vicol and Jim Wang
The following system changes may indicate the presence of this malware:
- The presence of the following file:
- The display of the following messages:
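
An added example (not part of the original analysis) that turns the indicators above into a host check: it flags processes holding several listening TCP ports in the 10100-10300 range in `netstat -ano` output, and looks for the two files whose locations the page gives. The netstat sample is constructed, and reading "the Windows folder" as %WINDIR% is an assumption.

```python
import os
import re
from collections import defaultdict

PORT_LOW, PORT_HIGH = 10100, 10300   # listener range given on this page

# Constructed sample of Windows `netstat -ano -p tcp` output (not real capture data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:10112          0.0.0.0:0              LISTENING       1337
  TCP    0.0.0.0:10245          0.0.0.0:0              LISTENING       1337
  TCP    127.0.0.1:10200        0.0.0.0:0              LISTENING       4120
  TCP    10.0.0.5:10150         203.0.113.9:443        ESTABLISHED     2208
  TCP    [::]:10300             [::]:0                 LISTENING       1337
"""

# Local address, local port and owning PID of a listening TCP socket.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def listeners_in_range(netstat_text):
    """Map PID -> sorted list of its listening TCP ports inside the range."""
    by_pid = defaultdict(set)
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m and PORT_LOW <= int(m.group(2)) <= PORT_HIGH:
            by_pid[int(m.group(3))].add(int(m.group(2)))
    return {pid: sorted(ports) for pid, ports in by_pid.items()}

def suspicious_pids(netstat_text, min_ports=2):
    """PIDs holding several listeners in the range ("multiple TCP ports")."""
    found = listeners_in_range(netstat_text)
    return sorted(pid for pid, ports in found.items() if len(ports) >= min_ports)

def file_indicators(env=os.environ, exists=os.path.exists):
    """Return the indicator file paths from this page that exist on the host."""
    candidates = []
    if env.get("LOCALAPPDATA"):
        candidates.append(env["LOCALAPPDATA"] + r"\Microsoft\Explorer\Win32Cfg.cfg")
    if env.get("WINDIR"):  # assumption: "the Windows folder" is %WINDIR%
        candidates.append(env["WINDIR"] + r"\explorer.exe.local")
    return [p for p in candidates if exists(p)]

if __name__ == "__main__":
    print("listeners in range:", listeners_in_range(SAMPLE_NETSTAT))
    print("PIDs to review:", suspicious_pids(SAMPLE_NETSTAT))
    print("indicator files present:", file_indicators())
```

Legitimate software can also listen in this port range, so a flagged PID is a lead to investigate alongside the file indicators, not a verdict on its own.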