
Trojan.Dropper.Cutwail.D


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.Dropper.Cutwail.D is also known as VirTool:WinNT/Cutwail.F (OneCare).

Explanation :

This malware drops the following files:
%SYSDIR%\WLCtrl32.dll
%SYSDIR%\drivers\<random_name>.sys
It modifies the registry to enable its automatic execution after every system reboot (execution is also enabled in Safe Mode) and registers itself as a service.
After executing, the dropper deletes itself.
The driver carries WLCtrl32.dll inside its resource section and restores the DLL and/or the registry entries if they are removed.

Last update 21 November 2011

 
