
Trojan-Downloader.Win32.Murlo.chz

Posted: October 20, 2009

Trojan-Downloader.Win32.Murlo.chz is a trojan designed to infiltrate a user's computer without the user's knowledge. Once installed, it acts as a conduit for downloading and installing additional malware. It persists by registering a module in the AppInit_DLLs registry value, so that the module is loaded into the address space of every running program. Trojan-Downloader.Win32.Murlo.chz is a serious security risk and should be removed.

Aliases

Trojan-PWS.OnlineGames.ADRD (PC Tools)

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %DownloadedProgramFiles%\hyxqXj4ENYN8PTavg.Ttf
    2 %DownloadedProgramFiles%\WeTqkj55B2u5bVUqbj.Ttf
    3 %DownloadedProgramFiles%\WUstNjhyfQfpv8PQbC.cur
    4 %FontsDir%\AeioFs.dat
    5 %FontsDir%\Encionc_ch.dat
    6 %FontsDir%\kb02021514.dll
    7 %FontsDir%\kb02021633.dll
    8 %System%\dfc8ac3ed7da.dll
    9 %System%\e863f72a04b6.dll
    10 %System%\rb37sCqvGmszGJ3aQYB5qRczx.inf
    11 %Windir%\Task\SbrmpxjdCrgRAFhz4gHh.inf
    12 %Windir%\Tasks\CgbYR44s5jCmgAd6ar.inf
    13 %Windir%\Tasks\EkKXXTKa2TVmc6XM.ico
    14 %Windir%\Tasks\JJX5r8wnsqUnNxGwpwn.inf
    15 %Windir%\Tasks\kZdWDEpQcNC2NwDe.ico
    16 %Windir%\Tasks\ThGkkhVnR6Dhf3eN.ico
    17 %Windir%\Tasks\vC6ykXbjUGCVeCJa.ico
    18 %Windir%\Tasks\x7j7yet9WK9FdYSD.ico
    19 %Windir%\Tasks\yGfdVUegEQm9fhY5rnN.inf
    20 [file and pathname of the sample #1]

Registry Modifications

  • The following Registry keys are created (each CLSID key also receives an InprocServer32 subkey):
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11FDB6D4-166A-47BF-A0F8-A09DABA75FC1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11FDB6D4-166A-47BF-A0F8-A09DABA75FC1}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30E05169-5E63-4038-9709-5FAD6E488ED2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30E05169-5E63-4038-9709-5FAD6E488ED2}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{526EB425-7F56-4773-8D70-B8E45AA8E2B6}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{526EB425-7F56-4773-8D70-B8E45AA8E2B6}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6049BC02-7EDA-4C41-B4AB-D5398607C39E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6049BC02-7EDA-4C41-B4AB-D5398607C39E}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{827E2FB4-1047-43DE-848D-E12BB0C97AAB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{827E2FB4-1047-43DE-848D-E12BB0C97AAB}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B1AE382-2647-4c4a-A313-B36B6CA34BD7}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B1AE382-2647-4c4a-A313-B36B6CA34BD7}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2BCFCEE-C939-433F-A32A-7353A6E720DB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2BCFCEE-C939-433F-A32A-7353A6E720DB}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4BD9D5C-04CA-45E6-8539-98B07D99B6BC}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4BD9D5C-04CA-45E6-8539-98B07D99B6BC}\InprocServer32