Trj/GdSda.A
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 13 |
| First Seen: | July 25, 2017 |
| Last Seen: | February 18, 2022 |
| OS(es) Affected: | Windows |
Trj/GdSda.A is a detection name that AV companies might use to refer to a Remote Access Trojan (RAT). The Trj/GdSda.A RAT is classified as a mid-tier threat that is employed in campaigns to steal user credentials for online banking portals and social media accounts. Trj/GdSda.A is what some cyber security researchers might call an info stealer Trojan. Modern-day threats are complex programs that are not easily classified as Trojans, worms, ransomware, and RATs. Threats like the Trj/GdSda.A include a keylogger module that can be used to record your keyboard (virtual keyboard included) input and clicks on online forms. The careful examination of Trj/GdSda.A revealed that an attacker could use the threat to scan the compromised computer for data and extract files over HTTP data transmission protocol. Trj/GdSda.A is reported to include the ability to copy user credentials saved in software like Mozilla Thunderbird, Skype, mIRC, XChat, FileZilla, Google Chrome, Mozilla Firefox, Opera and Internet Explorer.
Malware researchers alert that the Trj/GdSda.A Trojan is installed on computers utilizing physical access. That means that a threat actor needs direct access to the targeted computer. The payload of Trj/GdSda.A may be saved to a USB drive, which can be used to inject a corrupted code via the PlugNPlay technology on Windows. The Trj/GdSda.A Trojan might be registered as a system service to avoid AV scanners and monitor the user's activity. The threat may run from the Temp, AppData and System32 folders on the primary local disk. Trj/GdSda.A appears to support 64-bit and 32-bit operating systems, and it can run on the latest versions of Windows. It is recommended that you run a complete system scan with a reputable anti-malware solution if you suspect infection with Trj/GdSda.A. The symptoms of Trj/GdSda.A infection include program errors, inability to access folders under the AppData directory, processes with random names in the Task Manager and failure to log in your email client. AV companies may use the following names to identify code that belongs to Trj/GdSda.A:
- PSWTool.Win32.MPR!O
- Riskware.PSWTool!
- TROJ_GE.10E03BC1
- SPY_STILLER.B
- Win32/PSW.Delf.OAS
