SecurityHome.eu Trojan.Dropper.Small.APL

Home / malware PDF

Trojan.Dropper.Small.APL

First posted on 21 November 2011.
Source: BitDefender
Aliases :
There are no other names known for Trojan.Dropper.Small.APL.
Explanation :
Trojan.Dropper.Small.APL is dropped by another malware in "%windir%svchost.exe"
It drops two files:
%windir%System32 emp1.exe -> detected by BitDefender with Trojan.Perlovga.B
%windir%System32 emp2.exe -> detected by BitDefender with BackDoor.Small.L
Temp1.exe does the following :
copies %windir%svchost.exe into [SharedFolder]host.exe
copies %windir%xcopy.exe into [SharedFolder]copy.exe
copies %windir%autorun.inf into [SharedFolder]autorun.inf
modify key: HKCUSoftwareMicrosoftWindows NTCurrentVersionWindows, value: load with "%windir%svchost.exe"

Temp2.exe does the following
connect to the address: "hnmy.[Removed].org" and waiting for intructions, providing remote control(thus the name BackDoor.Small.LO)
Last update 21 November 2011

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

Small.QP
Trojan-Downloader:W32/Small.CZL
Trojan.Downloader.Small.FS
Virus:W32/Small.AJ
Trojan-Spy:W32/Small.BSL
Trojan.Dropper.Small.APL
Trojan-Downloader:W32/Small.EKV
Trojan-Downloader:W32/Small.AAFH
Trojan.Downloader.Small.ABFV
Small.DOG