Virus:Win32/Slugin.A!dll is the DLL component of Virus:Win32/Slugin.A
. It contains the infection routine for the virus.
Virus:Win32/Slugin.A!dll looks for EXE Files to infect in all fixed, removable, and remote drives. It replaces 434 bytes from the entry point of the target file with its own code. The original 434 bytes, a copy of the malicious DLL, and some other virus data are then appended to the target file.
Sends infection notification
Virus:Win32/Slugin.A!dll sends an email message to a remote attacker containing information about the infection. The message is sent via the following mail servers:
The message is sent to the address "email@example.com" from the address "firstname.lastname@example.org".
Allows limited backdoor access and control
Virus:Win32/Slugin.A!dll opens port 10100 on the infected PC. This allows a malicious hacker to create web pages to perform the following actions on your PC:
Upload files to and from your PC
Change services settings
Analysis by Jaime Wong