Search
Keyword: troj per cent5fmdropper per cent2ebh
to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run 36f8ee1 = "%System Root%\36f8ee1a\36f8ee1a.exe" HKEY_CURRENT_USER\Software
value data of the said registry entry is 2 .) Dropping Routine This Trojan drops the following files: %User Temp%\Directory\Desktop\Email and Password List.txt %Application Data%\System_3271122 %User Temp
\Software\Microsoft\ Windows NT\CurrentVersion\Windows load = "%Windows%\rundl132.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Tracing\ Microsoft\Imapi LogSessionName = "stdout"
\Software\Microsoft\ Windows NT\CurrentVersion\Windows load = "%Windows%\rundl132.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Tracing\ Microsoft\Imapi LogSessionName = "stdout"
Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan adds the following processes: %User Temp%
may be manually installed by a user. Installation This Potentially Unwanted Application adds the following folders: %User Temp%\in{random} %User Temp%\inH{random} %User Temp%\inH{random}\css %User Temp%
malicious sites. Installation This Potentially Unwanted Application drops the following files: %User Temp%\nsn{Random Hex}.tmp %User Temp%\nsc{Random Hex}.tmp\LuaBridge.dll %User Temp%\nsn{Random Hex}.tmp
Root%\DOCUME~1 %System Root%\DOCUME~1\Wilbert %User Profile%\LOCALS~1 %User Temp%/LCBvgBOvsxRGEGppZvA\apps %User Temp%/LCBvgBOvsxRGEGppZvA\skin %User Temp%/LCBvgBOvsxRGEGppZvA\skin/res %User Temp
Temp%\sdbh.exe (Note: %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32-
Root%\DOCUME~1 %System Root%\DOCUME~1\Wilbert %User Profile%\LOCALS~1 %User Temp%/K1H1elo6MpUVCtTOjml\apps %User Temp%/K1H1elo6MpUVCtTOjml\skin %User Temp%/K1H1elo6MpUVCtTOjml\skin/res %User Temp
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Temp%\~zm_
\FlashTopia\js %System Root%\Google %System Root%\Google\Chrome %System Root%\Google\Chrome\User Data %System Root%\Google\Chrome\User Data\Profile 1 %System Root%\Google\Chrome\User Data\Profile 2 %System Root
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other System Modifications This Trojan deletes the following files: %Temporary Internet Files%
Profile%\s-1-5-21-1645522239-1292428093-682003330-1003\nlqngmz.exe (Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and
following copies of itself into the affected system: %System%\winupdate.exe (Note: %System% is the Windows system folder, which is usually C:\Windows\System32.) Autostart Technique This Trojan adds the
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other System Modifications This Trojan deletes the following files: %System Root%\ntldr %Windows%
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %Program Files%\WinRAR (Note: %Program
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other System Modifications This backdoor modifies the following file(s): %Windows%\inf\intl.PNF
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other System Modifications This Trojan modifies the following file(s): %Windows%\inf\intl.PNF
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Other System Modifications This Trojan modifies the following file(s): %Windows%\inf\intl.PNF