
Trojan.Lapka

Posted: May 24, 2013

Threat Metric

Threat Level: 8/10
Infected PCs: 11
First Seen: May 24, 2013
Last Seen: September 19, 2019
OS(es) Affected: Windows

Trojan.Lapka is a Trojan that opens a back door on the targeted computer. When run, Trojan.Lapka creates a copy of itself and drops additional potentially malicious files on the system. It then creates registry entries that register it as a system service and as a legacy driver service. Trojan.Lapka also modifies registry entries.

Technical Details

File System Modifications


The following files were created in the system:



File name: %System%\Black.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

File name: %System%\wininitg.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %System%\RCX2.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file

File name: %System%\RCX1.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file

File name: %System%\drivers\passthru.sys
File type: System file
Mime Type: unknown/sys
Group: Malware file

File name: %System%\drivers\diskflt.sys
File type: System file
Mime Type: unknown/sys
Group: Malware file

File name: %SystemDrive%\netsf_m.inf
Mime Type: unknown/inf
Group: Malware file

File name: %SystemDrive%\netsf.inf
Mime Type: unknown/inf
Group: Malware file

File name: %SystemDrive%\passthru.sys
File type: System file
Mime Type: unknown/sys
Group: Malware file

File name: %Temp%\netsf.inf
Mime Type: unknown/inf
Group: Malware file

File name: %Temp%\netsf_m.inf
Mime Type: unknown/inf
Group: Malware file

File name: %Temp%\install.bat
File type: Batch file
Mime Type: unknown/bat
Group: Malware file

File name: %Temp%\snetcfg.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %Temp%\passthru.sys
File type: System file
Mime Type: unknown/sys
Group: Malware file

File name: %Windir%\inf\netsf.inf
Mime Type: unknown/inf
Group: Malware file

File name: %Windir%\inf\netsf_m.inf
Mime Type: unknown/inf
Group: Malware file

File name: %Windir%\LastGood\system32\DRIVERS\passthru.sys
File type: System file
Mime Type: unknown/sys
Group: Malware file

File name: %Windir%\inf\passthru.sys
File type: System file
Mime Type: unknown/sys
Group: Malware file

Registry Modifications

The following Registry values were created:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru\"ErrorControl" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru\"DisplayName" = "Passthru Service"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru\"Start" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru\"ImagePath" = "system32\DRIVERS\passthru.sys"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru\Security\"Security" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru\"Type" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"DisplayName" = "win32 Tool"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"Description" = "win32 Tool"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"ImagePath" = "%System%\wininitg.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"ErrorControl" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"ObjectName" = "LocalSystem"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\Security\"Security" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"Type" = "16"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"Start" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\0000\"Class" = "LegacyDriver"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\"NextInstance" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\0000\"ConfigFlags" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\0000\"ClassGUID" = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\0000\"Legacy" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\0000\"DeviceDesc" = "win32 Tool"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\0000\"Service" = "win32 Tool"