Class | Trojan-Clicker |
Platform | Win32 |
Description |
Technical DetailsThis Trojan will periodically load a designated web page in the Internet browser. It is a Windows PE EXE file. The executable file is 36 864 bytes in size. It is written in Visual C++. PayloadOnce launched, the Trojan copies itself to the Windows system directory as “winsvc32.exe”: %System%winsvc32.exe
It then registers this file in the system registry: [HKCUSoftwareMicrosoftWindowsCurrentVersionRun]
“winsvc32.exe” = “%System%winsvc32.exe” This ensures that the Trojan will be launched each time Windows is booted on the victim machine. Every 30 minutes, the Trojan will open http://www.greatpage.da.ru using the Windows command line. At the time of writing, no page was placed on this address. Removal instructions
|
Find out the statistics of the threats spreading in your region |