
Trojan-Dropper:W32/Trop.gen!A


First posted on 11 April 2009.
Source: SecurityHome

Aliases :

There are no other names known for Trojan-Dropper:W32/Trop.gen!A.

Explanation :

This type of trojan contains one or more malicious programs, which it will secretly install and execute.

Additional Details

Trop is a dropper that encrypts malware with RC4 and hides it in the resource (.rsrc) section. The main purpose of this type of dropper is to hide the malware and make the file look less suspicious to scanners.

The functionality is quite simple: the dropper program loads the resource, decrypts it, verifies that the decryption succeeded, then executes the decrypted malware as a new process and terminates itself.

Sometimes it hides suspicious API names, such as:

• CreateProcess
• NtUnmapViewOfSection
• WriteProcessMemory
• GetThreadContext
• SetThreadContext
• ResumeThread

Note

The RC4 key is usually 128-bit and is usually located after the encrypted data.
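The layout described above (RC4-encrypted payload stored in the resource section, with a 128-bit key placed after the ciphertext) makes static recovery of the embedded file straightforward. The following is an added example, not code from the original page, of an analyst-side unpacking helper: it assumes the key directly follows the encrypted data and that the decrypted payload is a PE image; the function names, sample bytes and key are constructed.

```python
# Added example (not from the original page): a static unpacking helper for
# droppers that follow the layout described above -- RC4-encrypted payload
# stored in a PE resource, with a 128-bit (16-byte) key appended after the
# ciphertext. The analyst passes in the raw resource bytes (e.g. dumped with
# a PE parser); the helper decrypts with the trailing key and verifies the
# result looks like a PE image before returning it.
from typing import Optional

KEY_LEN = 16  # 128-bit RC4 key, as described for this dropper family


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def looks_like_pe(blob: bytes) -> bool:
    """Cheap sanity check: MZ signature and a PE\\0\\0 header at e_lfanew."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(blob[0x3C:0x40], "little")
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extract_payload(resource: bytes) -> Optional[bytes]:
    """Split off the trailing key, decrypt the rest, return it only if it is a PE."""
    if len(resource) <= KEY_LEN:
        return None
    ciphertext, key = resource[:-KEY_LEN], resource[-KEY_LEN:]
    plaintext = rc4(key, ciphertext)
    return plaintext if looks_like_pe(plaintext) else None


# Constructed sample: a minimal fake PE stub (MZ header, e_lfanew -> PE\0\0),
# encrypted with a constructed key and stored key-last, the way Trop does.
SAMPLE_KEY = bytes(range(0x10, 0x20))
FAKE_PE = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\x00\x00" + b"\xCC" * 32
SAMPLE_RESOURCE = rc4(SAMPLE_KEY, FAKE_PE) + SAMPLE_KEY

if __name__ == "__main__":
    recovered = extract_payload(SAMPLE_RESOURCE)
    print("recovered PE" if recovered == FAKE_PE else "no valid payload")
```

On a real sample the resource bytes would come from a PE parser; the PE check is what distinguishes a correct decryption from garbage produced by a wrong key guess.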

Last update 11 April 2009
