Trojan-GameThief.Win32.OnLineGames.sqll
Trojan-GameThief.Win32.OnLineGames.sqll (also detected as Packed.Win32.Black.a) is a backdoor trojan that runs in the background and gives an attacker remote access to the compromised system. The sample is protected with Themida to hinder reverse engineering; the same protection also complicates manual analysis, for instance because the protected sample refuses to run inside a virtual machine. The trojan may also download further malicious files from the Internet.
Aliases
Packed.Win32.Black.a (Kaspersky Lab)
Packed.Win32.Black (Ikarus)
PE_Patch.UPX (Kaspersky Lab)
File System Modifications
- The following files were created in the system:
1. %CommonPrograms%\Startup\cftmon.exe.lnk
2. %System%\net\cftmon.exe
3. %System%\net\netset.sys
4. %System%\net\offkey.nrp
5. %System%\netsys.exe
6. %Temp%\suicide.bat
Registry Modifications
- The following Registry keys were created:
1. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\shell
2. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\shell\open
3. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\shell\open\command
4. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\{FB11648D-ED3C-90F4-D7B9-0D9E4E62E2EF}
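The file and registry artifacts above are the host-level indicators a responder would sweep for. The PowerShell script below is an added example, not part of the original entry or of any vendor tool: it resolves the %CommonPrograms%, %System% and %Temp% placeholders, checks each dropped file and created key, and records what the persistence hooks actually point at rather than only whether they exist. It assumes the placeholders map to the .NET special folders used in the script, and it treats netset.sys as a possible kernel driver purely because of its extension (the entry itself does not say what the file is). Run it from an elevated PowerShell.

```powershell
# Added example (not from the original threat-database entry): sweep a Windows host
# for the dropped files and registry keys attributed to OnLineGames.sqll.
# Assumptions: %CommonPrograms%, %System% and %Temp% resolve to the special folders
# below; netset.sys is checked as a driver only because of its extension.

function Find-OnLineGamesArtifacts {
    $commonPrograms = [Environment]::GetFolderPath('CommonPrograms')  # all-users Start Menu\Programs
    $systemDir      = [Environment]::GetFolderPath('System')          # e.g. C:\Windows\System32
    $tempDir        = [IO.Path]::GetTempPath()                        # current user's %Temp%

    $fileIocs = @(
        (Join-Path $commonPrograms 'Startup\cftmon.exe.lnk'),
        (Join-Path $systemDir      'net\cftmon.exe'),
        (Join-Path $systemDir      'net\netset.sys'),
        (Join-Path $systemDir      'net\offkey.nrp'),
        (Join-Path $systemDir      'netsys.exe'),
        (Join-Path $tempDir        'suicide.bat')
    )
    $registryIocs = @(
        'HKLM:\SOFTWARE\Classes\dllfile\shell',
        'HKLM:\SOFTWARE\Classes\dllfile\shell\open',
        'HKLM:\SOFTWARE\Classes\dllfile\shell\open\command',
        'HKLM:\SOFTWARE\Microsoft\Active Setup\{FB11648D-ED3C-90F4-D7B9-0D9E4E62E2EF}'
    )

    $findings = New-Object System.Collections.Generic.List[object]

    foreach ($path in $fileIocs) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
        $detail = 'sha256=' + (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        if ($path -like '*.lnk') {
            # The Startup shortcut is the persistence hook: record what it launches.
            $shell  = New-Object -ComObject WScript.Shell
            $detail = 'target=' + $shell.CreateShortcut($path).TargetPath
        }
        $findings.Add([PSCustomObject]@{ Type = 'File'; Location = $path; Detail = $detail })
    }

    foreach ($key in $registryIocs) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # Key existence alone is weak evidence (dllfile\shell can exist legitimately).
        # Record the (default) value, which for ...\open\command is the command line run
        # when a .dll is "opened", and StubPath, which is what Active Setup executes.
        $props  = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        $detail = @(
            if ($props.'(default)') { 'default=' + $props.'(default)' }
            if ($props.StubPath)    { 'StubPath=' + $props.StubPath }
        ) -join '; '
        $findings.Add([PSCustomObject]@{ Type = 'Registry'; Location = $key; Detail = $detail })
    }

    # A dropped .sys that was registered as a driver remains visible here even if the
    # file on disk has since been removed.
    Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.PathName -like '*netset.sys*' } |
        ForEach-Object {
            $findings.Add([PSCustomObject]@{ Type = 'Driver'; Location = $_.PathName; Detail = "state=$($_.State)" })
        }

    return $findings
}

$results = Find-OnLineGamesArtifacts
if ($results.Count -eq 0) {
    Write-Host 'No OnLineGames.sqll artifacts found.'
} else {
    $results | Format-Table -AutoSize
}
```

A hit on the shortcut or the Active Setup key is the strongest signal, since those are the mechanisms that relaunch the trojan; the dllfile keys should be judged by the command line stored in them, not by their mere presence. Hashes of any files found can be compared against the vendor's detection names listed under Aliases.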