How to Remove Shadowpad Backdoor

Shadowpad is a Trojan horse that opens a backdoor on the compromised computer. It was discovered on August 16, 2017. It can affect Windows 7, 8 and 10 systems, and the risk level is Very Low.

When this Trojan is executed, it creates the following registry subkey:

  • HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM NUMBERS]

The Trojan opens a backdoor and sends the following system information to a command and control (C&C) server:

  • System date
  • Computer name
  • Domain name
  • User name

The Trojan may also execute, in memory, malicious code distributed from the C&C server.

The Trojan is a malicious dynamic link library file that attackers were found to have planted in the following NetSarang server management software packages:

  • Xmanager Enterprise 5 Build 1232
  • Xmanager 5 Build 1045
  • Xshell 5 Build 1322
  • Xftp 5 Build 1218
  • Xlpd 5 Build 1220
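
The following triage sketch is an added example, not code from the original page or from any vendor. It checks the two indicators described above: the registry subkey and the affected builds. It assumes that "[RANDOM NUMBERS]" means a subkey name made only of digits, that the registry input is the text output of `reg query HKLM\SOFTWARE`, and that inventory lines use the "Product Build N" form of the list above; all sample data is constructed. A digits-only subkey is a lead to investigate, not proof of infection.

```python
import re

# Affected NetSarang packages, copied from the list above: (product, build).
AFFECTED = {
    ("xmanager enterprise 5", 1232),
    ("xmanager 5", 1045),
    ("xshell 5", 1322),
    ("xftp 5", 1218),
    ("xlpd 5", 1220),
}

# Assumption: "[RANDOM NUMBERS]" is a direct subkey whose name is digits only.
NUMERIC_KEY = re.compile(r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\(\d+)$", re.IGNORECASE)
# Assumption: inventory lines look like "<product> Build <number>".
BUILD = re.compile(r"^\s*(.+?)\s+Build\s+(\d+)\s*$", re.IGNORECASE)


def numeric_software_subkeys(reg_query_output):
    """Return names of direct HKLM\\SOFTWARE subkeys that are digits only."""
    hits = []
    for line in reg_query_output.splitlines():
        m = NUMERIC_KEY.match(line.strip())
        if m:
            hits.append(m.group(1))
    return hits


def affected_packages(inventory_lines):
    """Return inventory entries matching an affected product and build."""
    hits = []
    for line in inventory_lines:
        m = BUILD.match(line)
        if not m:
            continue  # line has no "Build N" suffix, cannot be compared
        product = " ".join(m.group(1).lower().split())  # normalise case/spacing
        if (product, int(m.group(2))) in AFFECTED:
            hits.append(line.strip())
    return hits


# Constructed sample data (not taken from a real host).
SAMPLE_REG = "\n".join([
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\7-Zip",       # contains a digit, not digits only
    r"HKEY_LOCAL_MACHINE\SOFTWARE\482913075",   # constructed numeric subkey
])
SAMPLE_INVENTORY = ["Xshell 5 Build 1322", "xftp 5  build 1218",
                    "Xshell 5 Build 9999", "PuTTY 0.70"]

if __name__ == "__main__":
    print("numeric subkeys:", numeric_software_subkeys(SAMPLE_REG))
    print("affected builds:", affected_packages(SAMPLE_INVENTORY))
```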
