
TrojanDropper:Win32/Homutex.A


First posted on 06 July 2010.
Source: SecurityHome

Aliases :

TrojanDropper:Win32/Homutex.A is also known as Dropper/Agent.25088.O (AhnLab), W32/Trojan.CQX (Authentium (Command)), Trojan-Dropper.Win32.Agent.apy (Kaspersky), W32/Agent.ABYI (Norman), Trojan.Agent.BXBO (VirusBuster), Dropper.Agent.BDC (AVG), Trojan.Dropper.Agent.APY (BitDefender), Win32/TrojanDropper.Agent.APY (ESET), Trojan-Dropper.Agent (Ikarus), BackDoor-CZX (McAfee), Troj/Bckdr-JWD (Sophos), Backdoor.Homutex (Symantec), BKDR_HOMUTEX.B (Trend Micro).

Explanation :

TrojanDropper:Win32/Homutex.A is a trojan that drops and installs a malicious Windows Sockets 2 transport service provider backdoor.

Payload

Drops and installs other malware

When run, TrojanDropper:Win32/Homutex.A drops the following files into the Windows system folder:

justtry.reg - registry installation file
stdole.tbl - encrypted registry installation file
abcedg.dll - detected as Backdoor:Win32/Homutex.A.dll

TrojanDropper:Win32/Homutex.A may also overwrite and/or set the following registry data to ensure that its dropped malware is installed:

Adds value: "PackedCatalogItem"
With data: "<system folder>\abcedg.dll <hex value>"
In subkeys: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 to HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\0000000000??
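A defender's check for the registry change described above, added here as an example and not part of the original analysis: it decodes PackedCatalogItem values (assuming the layout of a 260-byte provider path followed by a WSAPROTOCOL_INFOW structure) and flags any Winsock provider DLL that is not on a known-good baseline. The catalog data, the baseline and the paths are constructed for the example; on a real host the blobs would be read from the Catalog_Entries subkeys named above.

```python
import struct

# Layout assumed here for a Catalog_Entries\...\PackedCatalogItem value: a 260-byte ANSI
# provider path (MAX_PATH) followed immediately by a WSAPROTOCOL_INFOW structure
# (4 dwServiceFlags, dwProviderFlags, ProviderId GUID, dwCatalogEntryId, ProtocolChain =
# ChainLen + 7 entries, 9 int fields, dwMessageSize, dwProviderReserved, szProtocol[256] UTF-16LE).
MAX_PATH = 260
INFO_FMT = "<4I I 16s I I 7I 9i 2I 512s"  # little-endian, no padding
INFO_SIZE = struct.calcsize(INFO_FMT)     # 628 bytes
KNOWN_PROVIDERS = {"mswsock.dll", "rsvpsp.dll"}  # constructed baseline; take it from a clean host

def parse_packed_catalog_item(blob: bytes) -> dict:
    """Decode one PackedCatalogItem blob into the fields worth reviewing."""
    if len(blob) < MAX_PATH + INFO_SIZE:
        raise ValueError("PackedCatalogItem too short: %d bytes" % len(blob))
    path = blob[:MAX_PATH].split(b"\x00", 1)[0].decode("latin-1")  # ANSI code page on a real host
    f = struct.unpack_from(INFO_FMT, blob, MAX_PATH)
    return {
        "path": path,
        "provider_id": f[5].hex(),
        "catalog_entry_id": f[6],
        "chain_len": f[7],  # 0 = layered provider, 1 = base provider, >1 = protocol chain
        "protocol": f[26].decode("utf-16-le").split("\x00", 1)[0],
    }

def triage_catalog(entries: dict) -> list:
    """entries maps Catalog_Entries subkey name -> PackedCatalogItem bytes; returns
    (subkey, path, protocol) for every provider whose DLL name is not on the baseline."""
    findings = []
    for subkey, blob in entries.items():
        item = parse_packed_catalog_item(blob)
        dll = item["path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if dll not in KNOWN_PROVIDERS:
            findings.append((subkey, item["path"], item["protocol"]))
    return findings

def build_packed_catalog_item(path: str, protocol: str, entry_id: int, chain_len: int) -> bytes:
    """Construct a sample blob in the same layout (test data, not captured registry content)."""
    info = struct.pack(INFO_FMT, 0, 0, 0, 0, 0, b"\x00" * 16, entry_id, chain_len,
                       *([0] * 7), *([0] * 9), 0, 0, protocol.encode("utf-16-le"))
    return path.encode("latin-1").ljust(MAX_PATH, b"\x00") + info

# Constructed catalog: a legitimate base provider next to an entry whose protocol name looks
# normal but whose path has been pointed at the dropped abcedg.dll.
SAMPLE_CATALOG = {
    "000000000001": build_packed_catalog_item("%SystemRoot%\\system32\\mswsock.dll",
                                              "MSAFD Tcpip [TCP/IP]", 1001, 1),
    "000000000002": build_packed_catalog_item("C:\\WINDOWS\\system32\\abcedg.dll",
                                              "MSAFD Tcpip [TCP/IP]", 1002, 1),
}
```

Calling triage_catalog(SAMPLE_CATALOG) reports only the second entry, which is the signal to look for: an unchanged, legitimate-looking protocol name whose provider path now points at an unexpected DLL.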

Analysis by Jireh Sanico

Last update 06 July 2010
