Home / malwarePDF  


First posted on 13 December 2019.
Source: Microsoft

Aliases :

Trojan:Win32/Skintrim.C is also known as Win32/Lipler!generic, Trojan.Wintrim.Gen!Pac.4, Adware/NaviPromo.

Explanation :

Trojan:Win32/Skintrim.C is the detection for malware belonging to the Win32/Skintrim and Win32/Wintrim families. InstallationTrojan:Win32/Skintrim.C may be downloaded on the system as various applications, for example, as 'Games-Attack'. When installed, it may display an interface such as the following:   When executed, it installs files into the following folders:  %ProgramFiles%  where is the application name, for example, 'Games-Attack', as shown above. Note - refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:WinntSystem32; and for XP, Vista, and 7 is C:WindowsSystem32.  It may create a mutex, such as 'mymutsglwork', to ensure that only one instance of itself is running at any given time. Payload Downloads and runs other malwareTrojan:Win32/Skintrim.C downloads and runs a random file name in the %AppData% folder. This file may be detected as a member of the Win32/Wintrim malware family.  Connects to a Web siteTrojan:Win32/Skintrim.C connects to the Web site 'download.favorit-network.com', possibly to download other files without the user's consent. It may also monitor and send user browsing habits and history to a remote server and then display advertisements based on this data. Analysis by Patrik Vicol

Last update 13 December 2019