TROJ_KOOBFACE.DU
Technical Details

File type: PE

Memory resident: No

Size of malware: 14,848 Bytes

Initial samples received on: Apr 30, 2009

Related to: TROJ_DROPPER.JIJ, TROJ_TINY.WRE


Payload 1: Downloads files



Details:

Installation

This Trojan drops the following copy(ies) of itself:

  • %Windows%\ld08.exe

(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

Autostart Techniques

This Trojan creates the following registry entry(ies) to enable its automatic execution at every system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
sysLDtray = "%Windows%\ld08.exe"
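The following is an added example, not part of the original write-up or any vendor tooling: a triage script that scans collected `reg query` output for the Run value name and dropped file name listed above. The sample output is constructed, and matching the WOW6432Node (32-bit view) Run key is an assumption that goes beyond the single path the page lists.

```python
import re

# Indicators from the write-up: Run value name and dropped file name.
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
VALUE_NAME = "sysldtray"
DROPPED_FILE = r"\ld08.exe"

# A value line in `reg query` output: indent, name, REG_* type, data.
VALUE_RE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")

# Constructed sample of `reg query ... /s` output (not taken from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    sysLDtray    REG_SZ    C:\WINDOWS\ld08.exe

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\WINNT\LD08.EXE"

HKEY_LOCAL_MACHINE\SOFTWARE\Demo\Uninstall
    sysLDtray    REG_SZ    C:\Tools\ld08.exe
"""

def find_autostart_hits(reg_output):
    """Return (key, value name, data, reasons) for each matching Run value."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        match = VALUE_RE.match(line)
        if key is None or match is None:
            continue
        # Assumption: fold the 32-bit registry view onto the path the page lists.
        if not key.lower().replace(r"\wow6432node", "").endswith(RUN_KEY):
            continue
        name, _type, data = match.groups()
        reasons = []
        if name.strip().lower() == VALUE_NAME:
            reasons.append("value name")
        if data.strip().strip('"').lower().endswith(DROPPED_FILE):
            reasons.append("dropped file name")
        if reasons:
            hits.append((key, name.strip(), data.strip(), reasons))
    return hits

if __name__ == "__main__":
    for hit in find_autostart_hits(SAMPLE):
        print(hit)
```

A hit on the file name alone, as in the second sample key, is worth reviewing because a variant could reuse the dropped file under a different value name.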

Download Routine

This Trojan connects to the following sites to download other malicious files:

It then executes the downloaded file(s). As a result, malicious routines of the downloaded files are exhibited on the affected system.

Other Details

This Trojan deletes itself after execution.

Analysis By: Cris Pantanilla

