TROJ_DELPACK.A

Trend Micro has flagged this Trojan as noteworthy due to the increased potential for damage, propagation, or both, that it possesses. Specifically, Specifically, it is a component file of PE_DELPACK.A, a file infector that infects files by compressing them, and then bundling them with the main file.

To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below.

This Trojan may arrive as a file that exports functions used by other malware. It may be downloaded by other malware/grayware/spyware from remote sites. It may be downloaded by other malware/grayware from remote sites. It may be dropped by other malware.

Arrival Details

This Trojan may arrive as a file that exports functions used by other malware.

It may be downloaded by other malware/grayware/spyware from remote sites.

It may be downloaded by the following malware/grayware from remote sites:

• PE_DELPACK.A

It may be dropped by other malware.

Installation

This Trojan is injected into the following processes running in memory:

• explorer.exe

Autostart Technique

This Trojan registers itself as a BHO to ensure its automatic execution every time Internet Explorer is used by adding the following registry keys:

HKEY_CLASSES_ROOT\CLSID\{random CLSID}\
InprocServer32
(Default) = {malware path and file name}.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{random CLSID}
(Default) = {random value}