Backdoor:Win32/Mangzamel.A

Backdoor:Win32/Mangzamel.A is a trojan console application that can be instructed to perform certain actions by an attacker with access to the affected computer.

Installation

This malware may be installed by another process or by a remote attacker with write access to the affected computer. The trojan accepts and responds to certain commands which are passed as arguments, for example:

• -v - sends data that identifies the version of the trojan
• -t - installs the binary as a service named SEVNES
• -i - verifies that the binary was successfully installed as a service

When installed to run as a service, the registry is modified to run the malware, as in the following example:

In subkey: HKLM\System\CurrentControlSet\Services\SEVNES
Sets value: "ImagePath"
With data: "<malware path and file name>"

Analysis by Vincent Tiu