Home / malware Trojan.Dropper.Cutwail.H
First posted on 21 November 2011.
Source: BitDefenderAliases :
Trojan.Dropper.Cutwail.H is also known as Trojan.Downloader.Mutant Trojan.Downloader.Wigon Trojan.Pa.
Explanation :
Wnen executed, the trojan creates the file %SYSDIR%WinCtrl32.dll and creates the following registry keys:
[HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWinctrl32]
DllName=WinCtrl32.dll
StartShell=WLEventStartShell ,
in order to be executed at startup.
Also, the trojan drops a driver with the name %SYSDIR%driversWinccdd.sys, where c is a random character and d is a random digit.
The trojan injects code into svchost.exe process. The injected code connects to the following IP address : 75.126.208.82, and downloads another component, used for spamming.Last update 21 November 2011
