SecurityHome.eu Trojan.Krompt

Home / malware PDF

Trojan.Krompt

First posted on 17 June 2014.
Source: Symantec
Aliases :
There are no other names known for Trojan.Krompt.
Explanation :
When the Trojan is executed, it creates the following files: %UserProfile%\WindowsUpdate\System\Isass.exe %Temp%\System\Configurations.ini
Next, the Trojan creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"System." = "%UserProfile%\WindowsUpdate\System\Isass.exe"

The Trojan then connects to the following remote location to receive commands from the remote attacker:
internetexplorers.org
Last update 17 June 2014

TOP

Malware :

Backdoor:Win32/Heloag.A
Exploit:Win32/CVE-2011-3402
Trojan:Win32/Obfac
Exploit:Win32/Pdfjsc.YP
TrojanDownloader:Win32/Bofang.B

Last 20

Family:

Trojan:W32/Qhost.JE
Trojan-Downloader:HTML/Agent.DY
Trojan.Cidox!kmem
Trojan.Ransomlock!g75
Trojan.Klovbot!gen2
Trojan.Poweliks!gm
Trojan.Shylock!gen9
Trojan-Dropper:W32/Agent.CMW
Trojan-Downloader:W32/Agent.TPF
Trojan:SymbOS/Bootton.I