
Trojan:Win32/Rimecud.A


First posted on 15 February 2019.
Source: Microsoft

Aliases :

There are no other names known for Trojan:Win32/Rimecud.A.

Explanation :

Installation

Trojan:Win32/Rimecud.A copies itself to c:\documents and settings\administrator\application data\ohydy.exe.

The malware modifies the following registry entries to ensure that its copy executes at each Windows start:

Adds value: "Taskman"
With data: "c:\documents and settings\administrator\application data\ohydy.exe"
To subkey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

The malware utilizes code injection in order to hinder detection and removal. When Trojan:Win32/Rimecud.A executes, it may inject code into running processes, including the following, for example:

explorer.exe

This malware description was produced and published using our automated analysis system's examination of file SHA1 2fd0085228af699ce884310216a6112543bae995.

Last update 15 February 2019

 
