| Description:
|
Details
TrojanDropper.Win32.Small.kv
This primitive Trojan is written in Assembler and is packed using FSG. The packed file is approximately 6KB in size, and the unpacked file is approximately 60KB in size.
When launching, it saves a file named eplrr9.dll (which contains Trojan.Win32.StartPage.nu) to the %System% directory. It then launches this file. TrojanDropper.Win32.Small.kv also registers eplrr9.dll in the system registry:
[HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObject]
The Trojan does not manifest its presence in the system in any way. |
