Trojan-Dropper.Win32.Small

Detect Date 11/03/2009
Class Trojan-Dropper
Platform Win32
Description

When launching, the Trojan copies itself to the Windows temporary directory and launches its executable file:

%Temp%~__UNINST.EXE

It then extracts the following files from its body to the Windows temporary directory:

  • %Temp%d2maphack.exe
  • %Temp%Patch.exe — this file is 494,592 bytes in size, and will be detected by Kaspersky Anti-Virus as Backdoor.Win32.Netbus.170

The Trojan then launches these files for execution.