Technical Details
This Trojan is a part of another malicious program, which provides a malicious user with remote access to the infected computer. It is a Windows application (PE DLL file). It is 11 776 bytes in size. It is packed using UPX. The unpacked file is approximately 58 KB in size. It is written in Delphi.
Payload
The malicious library contains two functions, which perform the following actions:
- Using the function:
SetStartUp
the Trojan registers third-party programs in the Windows autorun key:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "<name>"="<value>"
where <name> and <value> are values that the Trojan obtains as call parameters.
- Using the function:
HideProcess
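Because SetStartUp receives the value name and data as call parameters, there is no fixed entry name to search for; one way to spot such a registration is to compare the Run key against a known-good snapshot. The following is an added example, not part of the original description: it assumes the text output format of `reg query`, and both snapshots and all entry names in it are constructed.

```python
import re

# Constructed samples of `reg query` output for the Run key named above
# (assumed input format; entry names and paths are made up).
BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Vendor Agent    REG_SZ    "C:\Program Files\Vendor\agent.exe" /tray
"""
CURRENT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Vendor Agent    REG_SZ    C:\Users\Public\agent.exe
    Example Entry    REG_SZ    C:\Users\Public\example.exe
"""

# Value line: four spaces, name (may contain spaces), type, data.
VALUE_RE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")

def parse_reg_query(text):
    """Return {value name: data} for string values in `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m and m.group("type") in ("REG_SZ", "REG_EXPAND_SZ"):
            values[m.group("name")] = m.group("data").strip()
    return values

def diff_run_key(baseline, current):
    """Report autorun entries that were added or repointed since baseline."""
    findings = []
    for name, data in sorted(current.items()):
        if name not in baseline:
            findings.append(("added", name, data))
        elif baseline[name].lower() != data.lower():  # Windows paths ignore case
            findings.append(("changed", name, data))
    return findings

if __name__ == "__main__":
    for kind, name, data in diff_run_key(parse_reg_query(BASELINE),
                                         parse_reg_query(CURRENT)):
        print(f"{kind:8} {name!r} -> {data}")
```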