
Trojan:WinNT/Kapa.A


First posted on 06 October 2010.
Source: SecurityHome

Aliases :

Trojan:WinNT/Kapa.A is also known as KillKAV.D (AVG), Win32/Kapa.A (CA), Win32/AutoRun.AntiAV.R (ESET), Rootkit.Win32.Small (Ikarus), Generic Rootkit.ep (McAfee), RootKit.Win32.Mnless.bqp (Rising AV), Mal/Agent-S (Sophos), Hacktool.Rootkit (Symantec).

Explanation :

Trojan:WinNT/Kapa.A is a detection for a kernel-mode trojan that may be directed by other malware to terminate services.

Installation

Trojan:WinNT/Kapa.A terminates specified processes by using native API calls. The trojan may be present as a file named "DRV.SYS". The trojan creates a device named "DrvDN".

Payload

Terminates processes

Trojan:WinNT/Kapa.A searches for the address of the non-exported kernel function "PspTerminateProcess" and calls it to terminate a process whose name it receives from other malware.
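The entry says only that the driver "searches for" PspTerminateProcess; it does not say how. Because the routine is not in the ntoskrnl export table, a driver cannot resolve it by name and must find it some other way. The example below is an added illustration and is not code from this entry or from the malware: it assumes one common rootkit approach, locating a known exported caller by a byte signature with wildcards and decoding the relative CALL that leads to the non-exported routine. The image buffer, the instruction bytes, the offsets and the FAKE_* names are constructed for the demo and are not real ntoskrnl bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Marker for "match any byte" in a signature. Real bytes are 0x00..0xFF. */
#define WILD 0x100

/* Size of the constructed stand-in for a mapped kernel image (demo value). */
#define FAKE_IMAGE_LEN 0x80

/* Demo offsets: a fake exported caller (think NtTerminateProcess) at 0x10 and
 * a fake non-exported callee (think PspTerminateProcess) at 0x40. */
#define FAKE_CALLER_OFF 0x10
#define FAKE_CALLEE_OFF 0x40

/* Linear signature scan with wildcards. Returns the offset of the first match,
 * or -1 when the pattern does not occur, which is the build-mismatch case a
 * driver must handle instead of calling through a garbage pointer. */
long find_pattern(const uint8_t *img, size_t img_len,
                  const uint16_t *pat, size_t pat_len)
{
    if (pat_len == 0 || pat_len > img_len)
        return -1;
    for (size_t i = 0; i + pat_len <= img_len; i++) {
        size_t j = 0;
        while (j < pat_len && (pat[j] == WILD || img[i + j] == (uint16_t)pat[j]))
            j++;
        if (j == pat_len)
            return (long)i;
    }
    return -1;
}

/* Decode an x86/x64 `E8 rel32` CALL at call_off and return the target offset,
 * or -1 if the byte is not a CALL or the target falls outside the image. */
long resolve_call_rel32(const uint8_t *img, size_t img_len, size_t call_off)
{
    if (call_off + 5 > img_len || img[call_off] != 0xE8)
        return -1;
    int32_t rel;
    memcpy(&rel, img + call_off + 1, sizeof rel);   /* little-endian immediate   */
    int64_t target = (int64_t)call_off + 5 + rel;   /* relative to next instr.   */
    if (target < 0 || (uint64_t)target >= img_len)
        return -1;
    return (long)target;
}

/* Build (once) the constructed image: int3 filler, a caller stub containing a
 * relative CALL into the callee, and a callee stub that just returns. */
const uint8_t *fake_kernel_image(void)
{
    static uint8_t image[FAKE_IMAGE_LEN];
    static int built = 0;
    if (!built) {
        memset(image, 0xCC, sizeof image);          /* int3 filler              */
        static const uint8_t prologue[] = {
            0x48, 0x83, 0xEC, 0x28,                 /* sub rsp, 0x28            */
            0x48, 0x8B, 0xCB                        /* mov rcx, rbx             */
        };
        static const uint8_t epilogue[] = {
            0x48, 0x83, 0xC4, 0x28,                 /* add rsp, 0x28            */
            0xC3                                    /* ret                      */
        };
        uint8_t *p = image + FAKE_CALLER_OFF;
        memcpy(p, prologue, sizeof prologue);
        p += sizeof prologue;
        size_t call_off = (size_t)(p - image);
        *p++ = 0xE8;                                /* call rel32               */
        int32_t rel = (int32_t)((int64_t)FAKE_CALLEE_OFF - (int64_t)(call_off + 5));
        memcpy(p, &rel, sizeof rel);
        p += sizeof rel;
        memcpy(p, epilogue, sizeof epilogue);
        image[FAKE_CALLEE_OFF] = 0xC3;              /* callee body: ret         */
        built = 1;
    }
    return image;
}

/* The resolution step: find the exported caller by signature, then follow its
 * CALL to the non-exported routine. The 4-byte displacement is wildcarded
 * because it changes from build to build. */
long locate_non_exported_callee(const uint8_t *img, size_t img_len)
{
    static const uint16_t sig[] = {
        0x48, 0x8B, 0xCB,               /* mov rcx, rbx        */
        0xE8, WILD, WILD, WILD, WILD,   /* call <non-exported> */
        0x48, 0x83, 0xC4, 0x28          /* add rsp, 0x28       */
    };
    long hit = find_pattern(img, img_len, sig, sizeof sig / sizeof sig[0]);
    if (hit < 0)
        return -1;
    return resolve_call_rel32(img, img_len, (size_t)hit + 3); /* E8 is 3 bytes in */
}

int main(void)
{
    const uint8_t *img = fake_kernel_image();
    long off = locate_non_exported_callee(img, FAKE_IMAGE_LEN);
    printf("callee located at image offset 0x%lx\n", (unsigned long)off);
    printf("truncated image -> %ld\n", locate_non_exported_callee(img, 0x30));
    return 0;
}
```

Two points matter for triage. First, a signature like this is tied to a specific kernel build, so a driver of this kind either carries several signatures or fails on an unexpected build; the -1 paths above model that failure. Second, the resolved address is only as trustworthy as the match, which is why the decoder refuses a target outside the image. On a suspect host, the artifacts this entry does give, a driver file named "DRV.SYS" and a device named "DrvDN", are the quicker things to look for.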

Analysis by Shawn Wang

Last update 06 October 2010
