TrojanDropper:Win32/Fainli.A


First posted on 18 June 2010.
Source: SecurityHome

Aliases :

TrojanDropper:Win32/Fainli.A is also known as TR/Drop.Fainli.A.13 (Avira), Trojan-Dropper.Win32.Fainli (Ikarus).

Explanation :

TrojanDropper:Win32/Fainli.A is a trojan that drops several other pieces of malware onto the affected computer.

Payload

Drops other malware

TrojanDropper:Win32/Fainli.A drops the following file:

%windir%\temp\11.tmp - detected as Trojan:WinNT/Alureon.H

It also modifies the following registry entry to register and load the above malware as a service:

Sets value: "ImagePath"
With data: "%windir%\temp\11.tmp"
To subkey: HKLM\System\CurrentControlSet\Services\<random generated service name>

It also drops and executes the following malware using random file names in the default Windows temporary file folder:

  • Trojan:Win32/FakeSpypro
  • Trojan:Win32/Alureon.CT

An example file name for the dropped malware is "581f1fee.exe".
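A triage check for the service registration described above, as an added example that is not part of the original write-up: it parses `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath` output and flags services whose image file sits in the Windows temp folder or has a .tmp extension, which generalizes beyond the single 11.tmp path. The sample output, the service name "qzxvbn" and the C:\Windows location are constructed assumptions.

```python
import re
from ntpath import dirname, normpath, splitext

WINDIR = r"c:\windows"  # assumption: default Windows directory on the checked host

# Constructed sample of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath`
# output; "qzxvbn" is a made-up stand-in for the randomly generated service name.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
    ImagePath    REG_EXPAND_SZ    System32\drivers\tcpip.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qzxvbn
    ImagePath    REG_SZ    %windir%\temp\11.tmp
"""

def image_file(image_path):
    """Return the lower-cased, normalised file part of an ImagePath value."""
    p = image_path.strip().lower()
    if p.startswith('"'):                  # quoted path, arguments follow the quote
        p = p[1:].split('"', 1)[0]
    else:                                  # unquoted: cut after the first file extension
        m = re.match(r"(.*?\.\w{1,4})(?=\s|$)", p)
        p = m.group(1) if m else p
    if p.startswith("\\??\\"):             # NT object-manager prefix seen on driver paths
        p = p[4:]
    for var in ("%windir%", "%systemroot%", "\\systemroot"):
        if p.startswith(var):
            p = WINDIR + p[len(var):]
    return normpath(p)

def suspicious_services(reg_output):
    """List (service, file) pairs whose image is in the Windows temp folder or ends in .tmp."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_LOCAL_MACHINE\\"):
            key = line.strip()
            continue
        m = re.match(r"\s+ImagePath\s+REG_(?:EXPAND_)?SZ\s+(.+)", line, re.I)
        if m and key:
            path = image_file(m.group(1))
            if dirname(path) == WINDIR + r"\temp" or splitext(path)[1] == ".tmp":
                hits.append((key.rsplit("\\", 1)[1], path))
    return hits

if __name__ == "__main__":
    print(suspicious_services(SAMPLE))
```

A hit is a lead for review rather than a verdict: confirm the file on disk and the service's origin before removing anything.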

Analysis by Marianne Mallen

Last update 18 June 2010
