Home / malware Trojan.Regpat.A
First posted on 21 November 2011.
Source: BitDefenderAliases :
Trojan.Regpat.A is also known as Win32/RegPat.A!Trojan Troj/RegPat-A Application.Riskware.T.
Explanation :
The malware contains a Windows registry (.REG) file encrypted in the overlay of the executable. When run, the malware extracts this file into C:ParaTemp.reg, then inserts into the system registry using the command 'regedit -s C:ParaTemp.reg'.
When succesfully executed, the malware displays a windows titled 'Registry Patcher - Coded by ParaBytes', with the message 'All Worked. Registry patched.' After this the C:ParaTemp.reg is deleted.
The malware contains a checksum verification for the .REG file. If some error occours, or the attached .REG file has been changed, the displayed message is 'Bad Patch Data. Please contact this file supplyer.'
The malware has no other payloads.Last update 21 November 2011
