Home / malware Trojan:Win32/Ramnit.C
First posted on 02 April 2019.
Source: MicrosoftAliases :
Trojan:Win32/Ramnit.C is also known as Win-Trojan/Starter.3584.F, Trojan.Win32.Starter.yy, W32/Runner.NZ, Trojan.Ramnit!iQNQL6zS3w0, TR/Starter.Y, Win32/Ramnit.H, Trojan.Starter.1591, Win32/Ramnit.F, Trojan.Win32.Ramnit, W32/Ramnit.a, Trj/Starter.G, TROJ_STARTER.SM.
Explanation :
Trojan:Win32/Ramnit.C is the generic detection for a DLL component dropped by other malware. It is used to load another malware. Installation Trojan:Win32/Ramnit.C is dropped by other malware as a DLL file with the following file name format:
.cpl (for example, "kxxxacvv.cpl", "qrejtdcd.cpl") It is usually dropped with an EXE file, for example, "kctcsugs.exe" and "rdkidfba.exe". Trojan:Win32/Ramnit.C creates a mutex named "INTEL_CEDR_STORE". Payload Runs other malware Trojan:Win32/Ramnit.C creates a process to run the dropped EXE file, which may be detected as other malware such as Worm:Win32/Autorun.AAY Analysis by Lena Lin Last update 02 April 2019
