
Wednesday, March 21, 2012

Trojan-Dropper.Win32.Agent.ceqq


Technical Details

This Trojan installs other programs on the victim machine without the user's knowledge or consent. It is a Windows application (PE EXE file), 24 064 bytes in size, packed with UPX; the unpacked file is approximately 55 KB. It is written in C++.

Payload

Once launched, the Trojan performs the following actions:
  • It extracts a file from its body and saves it on the system as:
    %System%\mspyeajp.dll
    (36 865 bytes; detected by Kaspersky Anti-Virus as "Trojan-GameThief.Win32.OnLineGames.wvkw")
  • It launches the system utility "rundll32.exe" with the following parameters:
    %System%\mspyeajp.dll,w
    This causes rundll32.exe to load the extracted DLL and call its exported function named "w", so the dropped payload runs inside a trusted system process rather than in the dropper itself.
  • It finds a window with the class name "GxWindowClassD3d" on the system and closes it by sending it the WM_CLOSE message.
  • In its working directory, it creates a script for the command interpreter (cmd.exe), launches it, and exits. The script deletes the original Trojan file and then deletes itself, so the dropper executable is no longer on disk once the chain has completed.
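To turn the behaviour above into something that can be hunted for in endpoint telemetry, here is an added example. It is not code from the original write-up and not Kaspersky's own detection logic; it runs a few constructed process-creation records through two checks built only from the indicators above: the rundll32.exe invocation of %System%\mspyeajp.dll with export "w", and a parent process that launched both that rundll32 and a cmd.exe batch script (the self-deletion step). The log format, the process and file names in the sample, and the "one-character export on a System32 DLL" heuristic are assumptions.

```python
r"""Detection for the Trojan-Dropper.Win32.Agent.ceqq behaviour chain.

Added example: not code from the original write-up. It runs constructed
process-creation records (pid|ppid|image|cmdline, loosely shaped like
Sysmon event 1) through rules built only from the indicators above:
rundll32.exe loading %System%\mspyeajp.dll and calling its export "w",
and a cmd.exe batch script spawned by the same parent to delete the dropper.
"""
import re
from dataclasses import dataclass

DROPPED_DLL = "mspyeajp.dll"   # dropped to %System% (from the description)
DROPPED_DLL_SIZE = 36865       # bytes (from the description)

# rundll32[.exe] <path>\<name>.dll,<export>
RUNDLL32_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",\s]+\.dll)"?,(?P<export>\S+)',
    re.IGNORECASE,
)
BATCH_RE = re.compile(r"\S+\.(?:bat|cmd)\b", re.IGNORECASE)


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


def parse_events(lines):
    """Parse 'pid|ppid|image|cmdline' records; '#' lines and blanks are skipped."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, ppid, image, cmdline = line.split("|", 3)
        events.append(ProcEvent(int(pid), int(ppid), image.strip(), cmdline.strip()))
    return events


def rundll32_hit(ev):
    """'ioc' for the known DLL plus export "w"; 'heuristic' (an assumption, not
    from the description) for any System32 DLL invoked via a one-character
    export name; None otherwise (ordinary rundll32 use such as Control_RunDLL)."""
    if not ev.image.lower().endswith("rundll32.exe"):
        return None
    m = RUNDLL32_RE.search(ev.cmdline)
    if not m:
        return None
    dll, export = m.group("dll").lower(), m.group("export")
    if dll.endswith("\\" + DROPPED_DLL) and export.lower() == "w":
        return "ioc"
    if "\\system32\\" in dll and len(export) == 1:
        return "heuristic"
    return None


def detect(events):
    """Return (rule, pid, cmdline) hits: per-process rundll32 rules plus the
    dropper chain, i.e. one parent that spawned both a flagged rundll32 and a
    cmd.exe running a .bat/.cmd script (the self-deletion step)."""
    hits = []
    children = {}
    for ev in events:
        children.setdefault(ev.ppid, []).append(ev)
        kind = rundll32_hit(ev)
        if kind:
            hits.append((f"rundll32-{kind}", ev.pid, ev.cmdline))
    for ppid, kids in children.items():
        launched_dll = any(rundll32_hit(k) for k in kids)
        batch = [k for k in kids
                 if k.image.lower().endswith("cmd.exe") and BATCH_RE.search(k.cmdline)]
        if launched_dll and batch:
            hits.append(("dropper-chain", ppid, batch[0].cmdline))
    return hits


# Constructed sample telemetry, not real logs. pid 4100 plays the dropper;
# pid 4200 is a benign rundll32 use that must not be flagged.
SAMPLE_LOG = r"""
# pid|ppid|image|cmdline
4012|1580|C:\Windows\explorer.exe|explorer.exe
4100|4012|C:\Users\user\Downloads\setup.exe|setup.exe
4108|4100|C:\Windows\System32\rundll32.exe|rundll32.exe C:\Windows\System32\mspyeajp.dll,w
4116|4100|C:\Windows\System32\cmd.exe|cmd.exe /c C:\Users\user\Downloads\a.bat
4200|4012|C:\Windows\System32\rundll32.exe|rundll32.exe shell32.dll,Control_RunDLL
4300|4012|C:\Windows\System32\rundll32.exe|rundll32.exe C:\Windows\system32\abcd.dll,x
"""

if __name__ == "__main__":
    for rule, pid, cmdline in detect(parse_events(SAMPLE_LOG.splitlines())):
        print(f"{rule:20} pid={pid} {cmdline}")
```

Note what the chain rule deliberately leaves alone: a legitimate `rundll32.exe shell32.dll,Control_RunDLL` line is not flagged, and a cmd.exe running a batch file is only interesting when its sibling process is the flagged rundll32. When a file at the IOC path is found, its size (36 865 bytes) is a second check before acting on the match.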

Removal instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
  1. Terminate any running "rundll32.exe" process whose command line references mspyeajp.dll; a DLL that is still loaded cannot be deleted.
  2. Delete the following file:
    %System%\mspyeajp.dll
  3. The dropper normally removes its own executable through the batch script described above; if that script did not run, also delete the original Trojan file and the script from the dropper's working directory.
