Threat Information for "Trojan.DownLoader.6296"
Summary
- Name: Trojan.DownLoader.6296
- Aliases: W32/Downloader.AQXJ, Win32:Trojan-gen. {Other}, Downloader.Dluca.JK, Trojan.Downloader.Dluca-58, Downloader.Dluca.cp, Trojan-Downloader.Win32.Dluca.cp
- Date Discovered: 2006-09-11
- Protection Added: 2006-09-19
Description
- Ease of Removal:
  1: Creates new registry entries with consistent data
  2: Creates new registry entries randomly from a hard-coded list
  3: File names randomly generated from a hard-coded list
  4: File contents randomly generated from a hard-coded list
  5: Consistent file contents
  6: Consistently named
- Privacy Risks/Security Changes:
  1: Mimics legitimate file names
- Damage/Intrusion/Annoyance:
  1: Downloads other threats
  2: Creates new files
- Propagation/Saturation:
  1: Spreads through Peer-2-Peer software
Technical Details
- Added Directory/File:
  FilePath: %SYSTEMDIR%\gdimx.exe
- Added Directory/File:
  FilePath: %COMMONFILESDIR%\System\mplay64.exe
- Added Directory/File:
  FilePath: %WINDIR%\SYSTEM\mplay64.exe
- Added Directory/File:
  FilePath: %PROGRAMFILESDIR%\siteicons\gdimx\gdimx.exe
- Added Registry Key:
  Key: HKCU\Software\CTFSoftware\mplay64
- Added Registry Key:
  Key: HKCU\Software\CTF\mplay64
- Added Registry Key:
  Key: HKU\S-*\Software\CTFSoftware
- Added Registry Key:
  Key: HKCU\SOFTWARE\CTFSoftware
- Added Registry Key:
  Key: HKCU\Software\CTF
- Added Registry Key:
  Key: HKCU\Software\Program Info
- Added Registry Key:
  Key: HKLM\%CURRENTVERSIONREG%\Uninstall\mplay64
- Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\Run
  Value: mplay64

