Home / malware TrojanDropper:Win32/Glacid.A
First posted on 17 May 2012.
Source: MicrosoftAliases :
There are no other names known for TrojanDropper:Win32/Glacid.A.
Explanation :
TrojanDropper:Win32/Glacid.A is a trojan that installs other components of Win32/Glacid, including Backdoor:Win32/Glacid.A, Virus:Win32/Glacid.A, and Trojan:Win32/Glacid.A.
Installation
TrojanDropper:Win32/Glacid.A may be encountered when opening a malicious Word document that contains an exploit, detected as Exploit:Win32/CVE-2012-0779.C. When Exploit:Win32/CVE-2012-0779.C is opened on a vulnerable computer, it could execute TrojanDropper:Win32/Glacid.A, which is stored within the malicious document as an embedded object.
Payload
Installs other malware
When TrojanDropper:Win32/Glacid.A executes, it installs other malware as the following:
- <system folder>\iglicd64.dll - Trojan:Win32/Glacid.A
- <system folder>\msjtea40.dll - Backdoor:Win32/Glacid.A
Note: <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
The trojan dropper modifies a system file as the following:
Additional information
- <system folder>\samsrv.dll - Virus:Win32/Glacid.A
For more information about Trojan:Win32/Glacid.A, Backdoor:Win32/Glacid.A and Virus:Win32/Glacid.A, see their respective descriptions elsewhere in the encyclopedia.
Analysis by Vincent Tiu
Last update 17 May 2012
