Home / malware
First posted on 13 December 2019.
Trojan:Win32/Skintrim.C is also known as Win32/Lipler!generic, Trojan.Wintrim.Gen!Pac.4, Adware/NaviPromo.
Trojan:Win32/Skintrim.C is the detection for malware belonging to the Win32/Skintrim and Win32/Wintrim families. InstallationTrojan:Win32/Skintrim.C may be downloaded on the system as various applications, for example, as 'Games-Attack'. When installed, it may display an interface such as the following: When executed, it installs files into the following folders: %ProgramFiles%
where is the application name, for example, 'Games-Attack', as shown above. Note - refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:WinntSystem32; and for XP, Vista, and 7 is C:WindowsSystem32. It may create a mutex, such as 'mymutsglwork', to ensure that only one instance of itself is running at any given time. Payload Downloads and runs other malwareTrojan:Win32/Skintrim.C downloads and runs a random file name in the %AppData% folder. This file may be detected as a member of the Win32/Wintrim malware family. Connects to a Web siteTrojan:Win32/Skintrim.C connects to the Web site 'download.favorit-network.com', possibly to download other files without the user's consent. It may also monitor and send user browsing habits and history to a remote server and then display advertisements based on this data. Analysis by Patrik Vicol
Last update 13 December 2019