Home Malware Programs Trojans Trojan.Smackup

Trojan.Smackup

Posted: May 21, 2013

Threat Metric

Ranking: 14,733
Threat Level: 9/10
Infected PCs: 860
First Seen: May 21, 2013
Last Seen: August 5, 2023
OS(es) Affected: Windows

Trojan.Smackup is a Trojan that steals information from the affected computer. When Trojan.Smackup is executed, it creates the potentially malicious files on the compromised PC. Trojan.Smackup makes changes to the attributes of the files in order to disguise them from the PC user. Trojan.Smackup creates the registry entries so that it can run automatically every time Windows is started. Trojan.Smackup grabs system information and stores it in the particular file. Trojan.Smackup also collects files with the files extensions such as .doc, .docx, .xlsx, .ppt, .pptx and .pdf. Trojan.Smackup saves the collected files in the specific file. Trojan.Smackup also logs keystrokes and opens window titles, and saves the information in the specific file. Trojan.Smackup then uploads the stolen information to the particular locations.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%SystemDrive%\MSOCache\start1.bat File name: %SystemDrive%\MSOCache\start1.bat
File type: Batch file
Mime Type: unknown/bat
Group: Malware file
%SystemDrive%\MSOCache\start.bat File name: %SystemDrive%\MSOCache\start.bat
File type: Batch file
Mime Type: unknown/bat
Group: Malware file
%SystemDrive%\MSOCache\test.vbs File name: %SystemDrive%\MSOCache\test.vbs
Mime Type: unknown/vbs
Group: Malware file
%SystemDrive%\MSOCache\Hen.exe File name: %SystemDrive%\MSOCache\Hen.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%SystemDrive%\MSOCache\Ron.exe File name: %SystemDrive%\MSOCache\Ron.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%SystemDrive%\MSOCache\1.pdf File name: %SystemDrive%\MSOCache\1.pdf
Mime Type: unknown/pdf
Group: Malware file
%SystemDrive%\MSOCache\MS[THREE DIGITS].log File name: %SystemDrive%\MSOCache\MS[THREE DIGITS].log
Mime Type: unknown/log
Group: Malware file
%SystemDrive%\MSOCache\Info-[DATE].log File name: %SystemDrive%\MSOCache\Info-[DATE].log
Mime Type: unknown/log
Group: Malware file
%SystemDrive%\MSOCache\csb.log File name: %SystemDrive%\MSOCache\csb.log
Mime Type: unknown/log
Group: Malware file
%SystemDrive%\MSOCache\MB145.log File name: %SystemDrive%\MSOCache\MB145.log
Mime Type: unknown/log
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"GlitchInstrumentation" = "%SystemDrive%\MSOCache\Ron.exe\"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"GlitchInstrumentation" = "%SystemDrive%\MSOCache\Ron.exe\"
Loading...