
TrojanDownloader:Win32/Monkif.S


First posted on 29 October 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/Monkif.S is also known as Trojan horse Downloader.Generic10.WMA (AVG), TR/Dldr.Calper.bix (Avira), Trojan.Generic.4836064 (BitDefender), Trojan.MulDrop1.49382 (Dr.Web), Trojan-Downloader.Win32.Calper (Ikarus), TROJ_DLOAD.SMAB (Trend Micro).

Explanation :

TrojanDownloader:Win32/Monkif.S is a trojan that installs other malware on the affected computer.

Payload

Drops and installs other malware

Upon execution, TrojanDownloader:Win32/Monkif.S drops the DLL file "mstmp" in the %TEMP% directory, and makes the following registry modifications in order to install this dropped DLL as a Browser Helper Object (BHO):

In subkey: HKCU\Software\Classes\PROTOCOLS\Filter\text/html
Sets value: "(Default)"
With data: "Microsoft Default HTML MIME Filter"

In subkey: HKCU\Software\Classes\PROTOCOLS\Filter\text/html
Sets value: "CLSID"
With data: "<machine derived value>"

In subkey: HKCU\Software\Classes\CLSID\<machine derived value>\InProcServer32
Sets value: "(Default)"
With data: "%TEMP%\mstmp."

In subkey: HKCU\Software\Classes\CLSID\<machine derived value>\InProcServer32
Sets value: "ThreadingModel"
With data: "Apartment"

This DLL is detected as TrojanDownloader:Win32/Monkif.O, and performs the trojan's main payloads. For information on this trojan, please refer to the TrojanDownloader:Win32/Monkif.O description elsewhere in the encyclopedia.
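A triage check for the registry changes listed above, as an added example that is not part of the original write-up: it parses the text of a `reg export` of HKCU\Software\Classes and reports when the CLSID registered under PROTOCOLS\Filter\text/html loads its InProcServer32 from a temp directory. The sample export, its CLSID and user path are constructed, and the temp-path markers are an assumption.

```python
import re

FILTER_KEY = r"HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Filter\text/html"
CLSID_ROOT = r"HKEY_CURRENT_USER\Software\Classes\CLSID"
# Assumption: path fragments that indicate a per-user temp directory.
TEMP_MARKERS = ("%temp%", "\\appdata\\local\\temp\\", "\\local settings\\temp\\")
# Matches REG_SZ lines only; hex-encoded values (e.g. REG_EXPAND_SZ) are skipped.
VALUE_RE = re.compile(r'^(@|"(?P<name>(?:[^"\\]|\\.)*)")="(?P<data>(?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse string values from .reg export text into {key: {name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name = (m.group("name") or "").lower()  # "" is the (Default) value
                current[name] = re.sub(r"\\(.)", r"\1", m.group("data"))  # undo .reg escaping
    return keys

def find_temp_mime_filter(text):
    """Return {"clsid", "dll"} if the HKCU text/html filter loads a DLL from a temp dir."""
    keys = parse_reg(text)
    clsid = keys.get(FILTER_KEY.lower(), {}).get("clsid")
    if not clsid:
        return None
    server = keys.get(f"{CLSID_ROOT}\\{clsid}\\InProcServer32".lower(), {}).get("")
    if server and any(marker in server.lower() for marker in TEMP_MARKERS):
        return {"clsid": clsid, "dll": server}
    return None

# Constructed sample export; the CLSID and user profile path are placeholders.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Filter\text/html]
@="Microsoft Default HTML MIME Filter"
"CLSID"="{00000000-0000-0000-0000-00000000ABCD}"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-0000-0000-0000-00000000ABCD}\InProcServer32]
@="C:\\Users\\alice\\AppData\\Local\\Temp\\mstmp"
"ThreadingModel"="Apartment"
"""

if __name__ == "__main__":
    print(find_temp_mime_filter(SAMPLE_EXPORT))
```

Files written by `reg export` are UTF-16, so decode them with `encoding="utf-16"` before passing the text to `find_temp_mime_filter`.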

Analysis by Amir Fouda

Last update 29 October 2010

 
