BAT/Regger [Threat Name]

BAT/Regger.NAL [Threat Variant Name]

Category trojan
Detection created Mar 28, 2014
Detection database version 9608
Aliases 9608 (20140328)
Short description

The trojan has a simple payload.

Installation

The trojan does not create any copies of itself.


The trojan is probably a part of other malware.

Other information

The following Registry entries are created:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "Google Update.exe" = "C:\ProgramData\lsass.exe"
    • "Ares.exe" = "C:\Users\Jose\AppData\Local\Temp\lsass.exe"
    • "22386.exe" = "C:\ProgramData\lsass.exe"
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    • "Load" = "C:\ProgramData\csrss.lnk"
    • "Run" = "C:\ProgramData\lsass.exe"
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    • "Hidden" = 2
    • "HideFileExt" = 1
    • "ShowSuperHidden" = 0
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
    • "CheckedValue" = 0
  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
    • "CheckedValue" = 0
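
One way to check an exported set of registry values for the pattern listed above, given as an added example that is not part of the original description. It assumes the values have already been read into (key, value name, data) tuples; the function names and the sample data are hypothetical. The Explorer\Advanced view settings are left out because they are ordinary user-configurable options and say little on their own.

```python
import ntpath

# System process names the write-up shows being reused for the autorun targets.
SYSTEM_NAMES = {"lsass", "csrss"}
# Autorun locations listed in the write-up (hive prefix removed, lower-cased).
AUTORUN_KEYS = {
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows nt\currentversion\windows",
}
SHOWALL_SUFFIX = r"explorer\advanced\folder\hidden\showall"

def image_path(data):
    """Extract the executable path from an autorun value (quoted or bare)."""
    return data.split('"')[1] if data.startswith('"') else data

def audit(entries):
    """entries: (key, value_name, data) tuples; returns (reason, key, name, data)."""
    findings = []
    for key, name, data in entries:
        sub = key.partition("\\")[2].lower()  # drop the HKEY_... prefix
        if sub in AUTORUN_KEYS and isinstance(data, str):
            path = image_path(data)
            stem = ntpath.splitext(ntpath.basename(path))[0].lower()
            folder = ntpath.dirname(path).lower()
            # A system process name started from outside System32 is masquerading.
            if stem in SYSTEM_NAMES and not folder.endswith(r"\windows\system32"):
                findings.append(("masquerading-autorun", key, name, data))
        elif sub.endswith(SHOWALL_SUFFIX) and name.lower() == "checkedvalue" and data == 0:
            # The SHOWALL setting exactly as the write-up lists it.
            findings.append(("showall-disabled", key, name, data))
    return findings

HKCU = "HKEY_CURRENT_USER\\Software\\Microsoft\\"
# Constructed sample: three values from the list above plus one benign autorun.
SAMPLE = [
    (HKCU + r"Windows\CurrentVersion\Run", "Google Update.exe", r"C:\ProgramData\lsass.exe"),
    (HKCU + r"Windows NT\CurrentVersion\Windows", "Load", r"C:\ProgramData\csrss.lnk"),
    (HKCU + r"Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL", "CheckedValue", 0),
    (HKCU + r"Windows\CurrentVersion\Run", "Updater", r'"C:\Program Files\Demo\updater.exe" /quiet'),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The match is on the file name and folder, not on the value name, since the value names in the list ("Google Update.exe", "Ares.exe", "22386.exe") vary between entries.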