
TrojanDropper:Win32/Maptrepol.A


First posted on 23 August 2016.
Source: Microsoft

Aliases :

There are no other names known for TrojanDropper:Win32/Maptrepol.A.

Explanation :

Installation
This threat can create files on your PC, including:

  • %ProgramData%\microsoft\windows\start menu\programs\winrar\console rar-handleiding.lnk
  • %ProgramData%\microsoft\windows\start menu\programs\winrar\wat is nieuw in de meest recente versie.lnk
  • %ProgramFiles%\winrar\rar.exe
  • %ProgramFiles%\winrar\rarext.dll
  • %ProgramFiles%\winrar\unacev2.dll
  • %ProgramFiles%\winrar\winrar.exe
  • %TEMP%\sega\nvvscv.exe
  • %TEMP%\sega\prst.dll
  • %TEMP%\sega\wndplyr.exe
  • \programs\winrar\winrar.lnk


It can make various registry changes during its installation, including:

In subkey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32
Sets value: "(default)"
With data: "%ProgramFiles%\winrar\rarext.dll"

In subkey: HKLM\Software\RegisteredApplications
Sets value: "WinRAR"
With data: "software\winrar\capabilities"

In subkey: HKLM\Software\WinRAR\Capabilities\FileAssociations
Sets value: ".001"
With data: "winrar"

It might use this mutex as an infection marker to prevent more than one copy of the threat running on your PC.

This malware description was published using automated analysis of file SHA1 5910d9b6693cc5bfee4ebbd990928a3aee6fa2e1.

Last update 23 August 2016

 
