
TrojanDropper:Win32/Glacid.A


First posted on 17 May 2012.
Source: Microsoft

Aliases:

There are no other names known for TrojanDropper:Win32/Glacid.A.

Explanation:



TrojanDropper:Win32/Glacid.A is a trojan that installs other components of Win32/Glacid, including Backdoor:Win32/Glacid.A, Virus:Win32/Glacid.A, and Trojan:Win32/Glacid.A.



Installation

TrojanDropper:Win32/Glacid.A may be encountered when opening a malicious Word document that contains an exploit, detected as Exploit:Win32/CVE-2012-0779.C. When Exploit:Win32/CVE-2012-0779.C is opened on a vulnerable computer, it could execute TrojanDropper:Win32/Glacid.A, which is stored within the malicious document as an embedded object.



Payload

Installs other malware

When TrojanDropper:Win32/Glacid.A executes, it installs the following malware:

  • <system folder>\iglicd64.dll - Trojan:Win32/Glacid.A
  • <system folder>\msjtea40.dll - Backdoor:Win32/Glacid.A


Note: <system folder> refers to a variable location that the malware determines by querying the operating system. The default location of the System folder is C:\Winnt\System32 on Windows 2000 and NT, and C:\Windows\System32 on XP, Vista, and 7.

The trojan dropper modifies the following system file:

  • <system folder>\samsrv.dll - Virus:Win32/Glacid.A
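
A host check for the file locations listed above, as an added example that is not part of the original Microsoft entry. It assumes PowerShell 4 or later and, as an assumption not stated in the entry, also looks in the SysWOW64 and Sysnative views of the System folder, because a 32-bit process on 64-bit Windows is redirected there.

```powershell
# Added example: the file names and the <system folder> convention come from the entry above.
$dropped  = 'iglicd64.dll', 'msjtea40.dll'   # files the dropper installs
$modified = 'samsrv.dll'                     # system file the dropper modifies

# Assumption: check every view of the System folder that exists on this host.
$dirs = @(
    [Environment]::SystemDirectory
    Join-Path $env:windir 'SysWOW64'
    Join-Path $env:windir 'Sysnative'
) | Where-Object { Test-Path -LiteralPath $_ -PathType Container } | Select-Object -Unique

# Collect the facts an analyst needs for triage: timestamps, signature status, hash.
function Get-FileRecord([string]$Path, [string]$Finding) {
    $item = Get-Item -LiteralPath $Path -Force          # -Force also returns hidden files
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path        = $Path
        Finding     = $Finding
        CreatedUtc  = $item.CreationTimeUtc
        ModifiedUtc = $item.LastWriteTimeUtc
        Signature   = $sig.Status
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$results = foreach ($dir in $dirs) {
    foreach ($name in $dropped) {
        $p = Join-Path $dir $name
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            Get-FileRecord $p 'dropped file name present'
        }
    }
    # samsrv.dll is a legitimate Windows file, so its presence alone means nothing;
    # record it so it can be compared against a known-good copy.
    $p = Join-Path $dir $modified
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        Get-FileRecord $p 'system file to verify against a known-good copy'
    }
}

if ($results) { $results | Format-List } else { 'No listed file names found.' }
```

Treat the Signature value as a hint only: compare the SHA256 of samsrv.dll against a copy from trusted installation media of the same Windows build.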

Additional information

For more information about Trojan:Win32/Glacid.A, Backdoor:Win32/Glacid.A and Virus:Win32/Glacid.A, see their respective descriptions elsewhere in the encyclopedia.



Analysis by Vincent Tiu

Last update 17 May 2012
