TROJ_DLOADER.VIN
by The Uni-Hacker on Aug.26, 2008, under Misc
This Trojan may be downloaded from a remote site. It may also be downloaded unknowingly by a user when visiting malicious Web sites.
Upon execution, this Trojan drops several component files, some of which Trend Micro detects as BKDR_SMALL.EKS, and then executes them. As a result, the malicious routines of the dropped files run on the affected system. The Trojan then registers itself as a system service so that it runs automatically at every system startup.
It adds a reference to a non-existent file to the Layered Service Provider (LSP) chain by modifying a registry entry. It deletes itself after execution.
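A defender's check for the dangling LSP reference described above, as an added example that is not part of the original write-up: it parses a Winsock catalog dump in the layout printed by `netsh winsock show catalog` and reports providers whose DLL is missing on disk. The sample dump, the provider name `example_lsp.dll` and all function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample modeled on `netsh winsock show catalog` output (not from the page).
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        example layered provider (constructed)
Provider Path:                      %SystemRoot%\system32\example_lsp.dll
Catalog Entry ID:                   1015
Protocol Chain Length:              2
"""

def parse_catalog(text):
    """Return one dict of 'Field: value' pairs per entry that has a Provider Path."""
    entries = []
    # Each entry's fields follow a ruler line of dashes.
    for block in re.split(r"(?m)^-{5,}[ \t]*$", text)[1:]:
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only, so C:\ paths survive
            if sep and value.strip():
                fields[key.strip()] = value.strip()
        if "Provider Path" in fields:
            entries.append(fields)
    return entries

def expand(path, env):
    """Expand %VAR% references case-insensitively, as Windows does."""
    lookup = {k.lower(): v for k, v in env.items()}
    out = re.sub(r"%([^%]+)%", lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)
    return ntpath.normpath(out)

def dangling_providers(text, env, exists):
    """Return (catalog id, description, path) for entries whose DLL is missing."""
    hits = []
    for e in parse_catalog(text):
        path = expand(e["Provider Path"], env)
        if not exists(path):
            hits.append((e.get("Catalog Entry ID"), e.get("Description"), path))
    return hits
```

On a live host, pass the real command output as `text`, `os.environ` as `env` and `os.path.isfile` as `exists`.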
It connects to URLs to download malicious files detected by Trend Micro as follows:
- TROJ_PROSCKS.AG
- TROJ_PROSCKS.AF
- TROJ_GAMETHIE.EU
- TROJ_DLOADER.AAAG
- TROJ_PROSCKS.AC
- DIAL_CBHQ
- TSPY_ONLINEG.RMH
- TSPY_GAMPASS.EU
It saves the downloaded files in the Windows system folder and then executes them. As a result, the malicious routines of the downloaded files run on the affected system.