
Trojan:Win32/Kras.A


First posted on 22 March 2013.
Source: Microsoft

Aliases:

There are no other names known for Trojan:Win32/Kras.A.

Explanation:



Installation

Trojan:Win32/Kras.A may have the file name "update.exe" or "schsvcsc.exe". After running its payload (see below), it might delete itself.



Payload

Drops other malware

When run, the file named "update.exe" drops a file named "schsvcsc.dll", which is detected as Trojan:Win32/Dembr.A.

Automatically runs the dropped malware

The file named "schsvcsc.exe" enables "SeDebugPrivilege" to give the dropped DLL file higher privileges on your computer. It also injects the DLL file into the legitimate Windows process "lsass.exe".
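The behaviour described above (a dropped "schsvcsc.dll" that ends up inside "lsass.exe") can be hunted for in endpoint telemetry. The following is an added example, not part of Microsoft's write-up: it assumes Sysmon-style events (IDs 7, 8 and 11) already parsed into dictionaries, and the sample events and their paths are constructed.

```python
import ntpath

# File names reported in the write-up above. Names alone are weak indicators
# ("update.exe" is common), so they only raise severity and never fire alone.
DROPPER_NAMES = {"update.exe", "schsvcsc.exe"}
DROPPED_DLL = "schsvcsc.dll"
LSASS = "lsass.exe"

def base(path):
    """Lower-cased file name of a Windows path ('' when the field is absent)."""
    return ntpath.basename(path or "").lower()

def classify(ev):
    """Return (rule, severity) for one Sysmon-style event dict, or None."""
    eid = ev.get("EventID")
    known = base(ev.get("Image") or ev.get("SourceImage")) in DROPPER_NAMES
    # Event 11 (FileCreate): the DLL named in the write-up is written to disk.
    if eid == 11 and base(ev.get("TargetFilename")) == DROPPED_DLL:
        return ("dll_dropped", "high" if known else "medium")
    # Event 7 (ImageLoad): lsass.exe maps the dropped DLL.
    if eid == 7 and base(ev.get("Image")) == LSASS and base(ev.get("ImageLoaded")) == DROPPED_DLL:
        return ("dll_loaded_in_lsass", "high")
    # Event 8 (CreateRemoteThread) into lsass.exe. Assumption: the write-up does
    # not say how the DLL is injected; a remote thread is one way it can surface.
    if eid == 8 and base(ev.get("TargetImage")) == LSASS:
        return ("remote_thread_in_lsass", "high" if known else "medium")
    return None

# Constructed sample events (not captured from a real host); paths are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\Public\update.exe",
     "TargetFilename": r"C:\Users\Public\schsvcsc.dll"},
    {"EventID": 8, "SourceImage": r"C:\Users\Public\schsvcsc.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe"},
    {"EventID": 7, "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Users\Public\schsvcsc.dll"},
    {"EventID": 11, "Image": r"C:\Program Files\Vendor\update.exe",
     "TargetFilename": r"C:\Program Files\Vendor\app.log"},  # benign updater
    {"EventID": 8, "SourceImage": r"C:\Tools\other.exe",
     "TargetImage": r"C:\Windows\System32\LSASS.EXE"},
]

def scan(events):
    """Return (index, rule, severity) for every event that matches a rule."""
    return [(i, *hit) for i, ev in enumerate(events) if (hit := classify(ev))]

if __name__ == "__main__":
    for idx, rule, sev in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {rule} ({sev})")
```

Because the trojan might delete itself after running, the file-creation and image-load records are more durable evidence than the presence of the executable on disk.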



Analysis by Justin Kim and Horea Coroiu

Last update 22 March 2013

 
