
Trojan.Looksky.A


First posted on 21 November 2011.
Source: BitDefender

Aliases :

There are no other names known for Trojan.Looksky.A.

Explanation :

Trojan.Looksky.A is a DLL that functions as a user-mode rootkit.

It hooks four APIs exported by ntdll.dll, NtResumeThread, NtQuerySystemInformation, NtEnumerateValueKey and NtQueryDirectoryFile, in order to hide a process, a registry key and a file whose names contain the string "spoolsvv". NtQuerySystemInformation returns the process list, NtEnumerateValueKey enumerates registry values and NtQueryDirectoryFile returns directory listings, so filtering their results inside the hooked process is enough to blind any user-mode tool that relies on those calls.
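To show what the NtQuerySystemInformation hook has to do in order to hide a process, here is an added example (not Looksky's code and not from this entry) that performs the same NextEntryOffset relinking on a constructed snapshot. The record layout is a simplified stand-in for SYSTEM_PROCESS_INFORMATION (the real ImageName is a UNICODE_STRING and the per-thread records are larger); the process names, thread ids and the needle "spoolsvv" are constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified record: the real SYSTEM_PROCESS_INFORMATION has many more fields,
 * but NextEntryOffset chains the records in exactly this way. */
typedef struct {
    uint32_t NextEntryOffset;   /* byte distance to the next record; 0 ends the list */
    uint32_t NumberOfThreads;   /* number of uint32_t thread ids after the header */
    char     ImageName[16];     /* NUL-terminated (simplification) */
} ProcInfo;

static size_t put_entry(unsigned char *buf, size_t off, const char *name,
                        uint32_t nthreads, int last)
{
    ProcInfo *p = (ProcInfo *)(buf + off);
    size_t size = sizeof(ProcInfo) + nthreads * sizeof(uint32_t);
    uint32_t *tids = (uint32_t *)(p + 1);
    memset(p, 0, size);
    p->NumberOfThreads = nthreads;
    strncpy(p->ImageName, name, sizeof p->ImageName - 1);
    for (uint32_t i = 0; i < nthreads; i++)
        tids[i] = 1000 + i;                         /* constructed thread ids */
    p->NextEntryOffset = last ? 0 : (uint32_t)size;
    return off + size;
}

/* Constructed snapshot: four processes, one named like the rootkit's. */
size_t build_snapshot(unsigned char *buf)
{
    size_t off = 0;
    off = put_entry(buf, off, "System", 4, 0);
    off = put_entry(buf, off, "winlogon.exe", 3, 0);
    off = put_entry(buf, off, "spoolsvv.exe", 2, 0);
    off = put_entry(buf, off, "explorer.exe", 5, 1);
    return off;
}

/* Walk the chain the way any consumer of the API does. */
int count_entries(const unsigned char *buf)
{
    int n = 1;
    const ProcInfo *p = (const ProcInfo *)buf;
    while (p->NextEntryOffset) {
        p = (const ProcInfo *)((const unsigned char *)p + p->NextEntryOffset);
        n++;
    }
    return n;
}

int snapshot_contains(const unsigned char *buf, const char *needle)
{
    const ProcInfo *p = (const ProcInfo *)buf;
    for (;;) {
        if (strstr(p->ImageName, needle)) return 1;
        if (!p->NextEntryOffset) return 0;
        p = (const ProcInfo *)((const unsigned char *)p + p->NextEntryOffset);
    }
}

/* What the hooked NtQuerySystemInformation does after the real call returns:
 * unlink every record whose name contains needle.  Returns the number hidden. */
int hide_entries(unsigned char *buf, size_t len, const char *needle)
{
    int hidden = 0;
    ProcInfo *prev = NULL, *cur = (ProcInfo *)buf;

    while (cur) {
        ProcInfo *next = cur->NextEntryOffset
            ? (ProcInfo *)((unsigned char *)cur + cur->NextEntryOffset) : NULL;
        int match = strstr(cur->ImageName, needle) != NULL;

        if (match && prev) {
            /* ordinary case: the predecessor skips over cur (0 if cur was last) */
            prev->NextEntryOffset = next
                ? (uint32_t)((unsigned char *)next - (unsigned char *)prev) : 0;
            hidden++;
            cur = next;
            continue;
        }
        if (match && next) {
            /* first record: no predecessor to relink, so shift the rest of the
             * buffer down over it (offsets are relative, the chain stays valid) */
            size_t head = (size_t)((unsigned char *)next - buf);
            memmove(buf, next, len - head);
            len -= head;
            hidden++;
            cur = (ProcInfo *)buf;
            continue;
        }
        /* no match, or a matching sole record, which cannot be unlinked */
        prev = cur;
        cur = next;
    }
    return hidden;
}

/* Scenario helpers: build, hide, and report the result as return values. */
int demo_hidden(const char *needle)
{
    unsigned char buf[256];
    size_t len = build_snapshot(buf);
    return hide_entries(buf, len, needle);
}

int demo_remaining(const char *needle)
{
    unsigned char buf[256];
    size_t len = build_snapshot(buf);
    hide_entries(buf, len, needle);
    return count_entries(buf);
}

int demo_visible(const char *needle, const char *name)
{
    unsigned char buf[256];
    size_t len = build_snapshot(buf);
    hide_entries(buf, len, needle);
    return snapshot_contains(buf, name);
}

int main(void)
{
    printf("records before: %d, after hiding \"spoolsvv\": %d (hidden %d)\n",
           demo_remaining("no-such-name"), demo_remaining("spoolsvv"), demo_hidden("spoolsvv"));
    return 0;
}
```

The first-record and last-record branches matter in practice: a hook that only relinks a predecessor either crashes or leaks the hidden process when it happens to be at either end of the list, and a cross-view check (comparing this filtered list against one obtained through a different path) is what detects the unlinking.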

It injects code into the winlogon.exe process, which then loads a DLL named "comdlg64.dll".

It exports two functions, "hide__" and "un_hide__": "hide__" installs the hooks (the main DLL entry point installs them as well), and "un_hide__" removes them and restores the original functions.

It creates a mutex named "free_handlers" while restoring the hooks.

Last update 21 November 2011
