TROJ_DLOADR.JKS
October 09, 2012
PLATFORM:
Windows 2000, Windows XP, Windows Server 2003
OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
![](/vinfo/imgFiles/legend.jpg)
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan deletes the initially executed copy of itself.
TECHNICAL DETAILS
File Size: 73,728 bytes
File Type: EXE
Memory Resident: Yes
Installation
This Trojan drops the following copies of itself into the affected system:
- C:\Program Files\{6-randomchars}.exe
Autostart Technique
This Trojan registers itself as a system service to ensure its automatic execution at every system startup by adding the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\MSUpdqtecnn
ImagePath = %Program Files%\{6-randomchars}.exe
Other Details
This Trojan deletes the initially executed copy of itself
NOTES:
It connects to the following servers but during testing, the malware was unable to receive a response:
- {BLOCKED}99.3322.org
- {BLOCKED}os.3322.org