Search
Keyword: troj_crypctb
Based on analysis of the codes, this Trojan is a document file that uses a .JTD extension name. The said extension name used is recognized by Ichitaro , a word processing application from JustSystem
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan searches for .DLL files in the System folder. It uses {DLL name}wow.exe as the malware file name. It executes a certain command to bypass Windows Firewall. This Trojan arrives on a system
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It exports functions used by other malware. It requires
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain URLs. It may do this to remotely
This Trojan arrives as a file that exports the functions of other malware/grayware. It may arrive bundled with malware packages as a malware component. It arrives on a system as a file dropped by
This Trojan arrives as a file that exports the functions of other malware/grayware. It may be dropped by other malware. It arrives as a component bundled with malware/grayware packages. It requires
This Trojan may be injected into several processes by its main component to stay resident in memory. This Trojan arrives on a system as a file dropped by other malware or as a file downloaded
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
This Trojan may be dropped by other malware. It arrives as a component bundled with malware/grayware packages. It exports functions used by other malware. It requires its main component to
This Trojan may arrive as a file that exports functions used by other malware. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting
As of this writing, the said sites are inaccessible. Arrival Details This malware arrives via the following means: may be dropped and executed by its main ZBOT component Installation This Trojan adds
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This spyware arrives on a system as a
This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
Trend Micro has flagged this malware as noteworthy due to the increased potential for damage, propagation, or both, that it possesses. Specifically, this TDSS/alurion variant works in 64-bit systems.
This Trojan also has rootkit capabilities, which enables it to hide its processes and files from the user. Rootkit Capabilities This Trojan also has rootkit capabilities, which enables it to hide its
This Trojan deletes itself after execution. Autostart Technique This Trojan modifies the following registry entries to ensure it automatic execution at every system startup: HKEY_LOCAL_MACHINE
This Trojan deletes itself after execution. Installation This Trojan drops the following copies of itself into the affected system: %User Temp%\xvassdf.exe (Note: %User Temp% is the current user's
This Trojan executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system. Dropping Routine This Trojan drops the following files: %User Temp