Home / malware

PDF

TrojanDropper:Win32/Fainli.A

First posted on 18 June 2010.
Source: SecurityHome

Aliases :

TrojanDropper:Win32/Fainli.A is also known as TR/Drop.Fainli.A.13 (Avira), Trojan-Dropper.Win32.Fainli (Ikarus).

Explanation :

TrojanDropper:Win32/Fainli.A is a trojan that drops several malware in the computer.
Top

TrojanDropper:Win32/Fainli.A is a trojan that drops several malware in the computer. Payload Drops other malware TrojanDropper:Win32/Fainli.A drops the following file: %windir%\temp\11.tmp - detected as Trojan:WinNT/Alureon.H It also modifies the following registry entry to register and load the above malware as a service: Sets value: "ImagePath" With data: "%windir%\temp\11.tmp" To subkey: HKLM\System\CurrentControlSet\Services\<random generated service name> It also drops and executes the following malware using random file names in the default Windows temporary file folder:

Trojan:Win32/FakeSpypro

Trojan:Win32/Alureon.CT

An example file name for the dropped malware is "581f1fee.exe".

Analysis by Marianne Mallen

Last update 18 June 2010

 

TOP