Home / malware Trojan.Dropper.Small.APL
First posted on 21 November 2011.
Source: BitDefenderAliases :
There are no other names known for Trojan.Dropper.Small.APL.
Explanation :
Trojan.Dropper.Small.APL is dropped by another malware in "%windir%svchost.exe"
It drops two files:
%windir%System32 emp1.exe -> detected by BitDefender with Trojan.Perlovga.B
%windir%System32 emp2.exe -> detected by BitDefender with BackDoor.Small.L
Temp1.exe does the following :
copies %windir%svchost.exe into [SharedFolder]host.exe
copies %windir%xcopy.exe into [SharedFolder]copy.exe
copies %windir%autorun.inf into [SharedFolder]autorun.inf
modify key: HKCUSoftwareMicrosoftWindows NTCurrentVersionWindows, value: load with "%windir%svchost.exe"
Temp2.exe does the following
connect to the address: "hnmy.[Removed].org" and waiting for intructions, providing remote control(thus the name BackDoor.Small.LO)Last update 21 November 2011