Virus:Win32/Patchload.R
First posted on 20 March 2012.
Source: Microsoft
Aliases :
Virus:Win32/Patchload.R is also known as Trojan.Gampass.D!inf (Symantec), Trojan.Patched.Fengd.A (BitDefender), Trojan.Win32.Patched.my (Kaspersky), Win32.Netcom (Dr.Web), Win-Trojan/PatchedImm8.Gen (AhnLab).
Explanation :
Virus:Win32/Patchload.R is a generic detection for modified DLL files that are used to load arbitrary files that may already be present on an affected computer. In the wild, it has been observed being used to load files that are related to PWS:Win32/OnLineGames - a family of trojans that steals credentials and other related data for popular online games.
Installation
Virus:Win32/Patchload.R may be installed by other malware and is present as a modified system DLL. For example, in the wild it has been found in modified versions of the following DLL (amongst others):
- imm32.dll
The malicious code is appended to the code section of the modified DLL file.
Payload
Loads arbitrary files
When a modified DLL file is executed, it loads an arbitrary number of files whose paths and names are hardcoded within its body.
In the wild, this malware has been observed attempting to load files with the following file name:
- wuautui.dll
These files may be related to the PWS:Win32/OnLineGames family.
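A triage check for the behaviour described above, added here as an example and not taken from the original analysis: it parses a DLL's PE section table and reports when a file name from this page appears inside an executable section, which is where the appended code and its hardcoded names would sit. The function names and the sample image built by `build_sample` are constructed for illustration; a hit is a reason to compare the DLL against a known-good copy, not a verdict on its own.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
# The only loaded file name this page reports; the list itself is an assumption of this example.
LOADED_NAMES = [b"wuautui.dll"]

def executable_sections(pe: bytes):
    """Yield (name, raw_bytes) for every executable section of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    for i in range(nsec):
        off = table + 40 * i                  # each section header is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        (flags,) = struct.unpack_from("<I", pe, off + 36)
        if flags & IMAGE_SCN_MEM_EXECUTE:
            yield name, pe[raw_ptr:raw_ptr + raw_size]

def names_in_code(pe: bytes):
    """Return (section, file name) pairs where a listed name sits in executable bytes."""
    hits = []
    for sec, data in executable_sections(pe):
        lowered = data.lower()                # case-insensitive for ASCII and UTF-16LE
        for n in LOADED_NAMES:
            utf16 = n.decode().encode("utf-16-le")
            if n in lowered or utf16 in lowered:
                hits.append((sec, n.decode()))
    return hits

def build_sample(code: bytes) -> bytes:
    """Constructed test input: a minimal PE with one executable .text section."""
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x2102)
    hdr += struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000,
                       len(code), 0x200, 0, 0, 0, 0, 0x60000020)
    return hdr.ljust(0x200, b"\0") + code

if __name__ == "__main__":
    print(names_in_code(build_sample(b"\xc3" + b"wuautui.dll\0")))
```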
Analysis by Lena Lin
Last update 20 March 2012