
Trojan.Dropper.Cutwail.H


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.Dropper.Cutwail.H is also known as Trojan.Downloader.Mutant, Trojan.Downloader.Wigon, Trojan.Pa.

Explanation :

When executed, the trojan creates the file %SYSDIR%\WinCtrl32.dll and creates the following registry keys:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Winctrl32]
DllName=WinCtrl32.dll
StartShell=WLEventStartShell,
in order to be executed at startup.
Also, the trojan drops a driver with the name %SYSDIR%\drivers\Winccdd.sys, where c is a random character and d is a random digit.

The trojan injects code into the svchost.exe process. The injected code connects to the IP address 75.126.208.82 and downloads another component, which is used for spamming.
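A triage check for the three indicators described above, added here as an example and not part of the BitDefender write-up. The function names and sample inputs are constructed, and the driver pattern assumes the two random characters are alphanumeric.

```python
import re

# Indicators taken from the description above.
NOTIFY_KEY = r"software\microsoft\windows nt\currentversion\winlogon\notify"
DLL_NAME = "winctrl32.dll"
REMOTE_IP = "75.126.208.82"
# "Winccdd.sys": two random characters, then two random digits.
# Assumption: the random characters are alphanumeric.
DRIVER_RE = re.compile(r"^Win[A-Za-z0-9]{2}\d{2}\.sys$", re.IGNORECASE)

def scan_reg_export(text):
    """Return Winlogon Notify subkeys in a .reg export that load WinCtrl32.dll."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # entering a new key section
        elif key and NOTIFY_KEY in key.lower():
            name, _, value = line.partition("=")
            if (name.strip('"').lower() == "dllname"
                    and value.strip('"').lower().endswith(DLL_NAME)):
                hits.append(key)
    return hits

def scan_drivers(names):
    """Return file names from %SYSDIR%\\drivers matching the Winccdd.sys pattern."""
    return [n for n in names if DRIVER_RE.match(n)]

def scan_connections(netstat_lines):
    """Return netstat lines whose endpoint is exactly the reported IP address."""
    pat = re.compile(r"(?<![\d.])" + re.escape(REMOTE_IP) + r":\d+")
    return [l for l in netstat_lines if pat.search(l)]

# Constructed sample inputs (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"="crypt32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Winctrl32]
"DllName"="WinCtrl32.dll"
"StartShell"="WLEventStartShell"
'''
SAMPLE_DRIVERS = ["winusb.sys", "Winqk47.sys", "tcpip.sys", "wimmount.sys"]
SAMPLE_NETSTAT = ["  TCP  10.0.0.5:1045  75.126.208.82:80  ESTABLISHED  1088",
                  "  TCP  10.0.0.5:1046  175.126.208.82:80  ESTABLISHED  1088"]
```

Feed it the output of `reg export` for the Winlogon\Notify key, a listing of the drivers directory, and `netstat -ano` lines collected from the host under review.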

Last update 21 November 2011

 
