Win32/Lethic [Threat Name]

Win32/Lethic.AF [Threat Variant Name]

Category: trojan
Size: 198144 B
Detection created: Oct 15, 2014
Detection database version: 10567
Aliases: Trojan:Win32/Lethic.K (Microsoft), BackDoor.Neutrino.4 (Dr.Web)

Short description

Win32/Lethic.AF is a trojan that is used for spam distribution. It can be controlled remotely.

Installation

When executed, the trojan copies itself into the following location:

  • C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1861771\17fd1ar8.exe

In order to be executed on every system start, the trojan sets the following Registry entries:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "Test11a23" = "C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1861771\17fd1ar8.exe"
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    • "Test11a23" = "C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1861771\17fd1ar8.exe"

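
A check for the persistence entries listed above, as an added example that is not part of the original description or the vendor's tooling. The value name and the RECYCLER path come from this page; generalising the path to any SID-named folder under C:\RECYCLER and the function names are assumptions.

```powershell
# Added example: look for the Run/RunOnce persistence described above.
# The value name is the one listed on this page.
$ValueName   = 'Test11a23'
# Assumption: any .exe in a SID-named folder under C:\RECYCLER is suspect
# (generalised from the single path listed on this page).
$PathPattern = '^"?C:\\RECYCLER\\S-1-5-21(-\d+)+\\[^\\"]+\.exe'
$SubKeys     = 'Software\Microsoft\Windows\CurrentVersion\Run',
               'Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Test-LethicRunEntry {
    param([string]$Name, [string]$Data)
    # Match on the value name or the target path, so a renamed value is still caught.
    return ($Name -eq $ValueName) -or ($Data -match $PathPattern)
}

function Find-LethicPersistence {
    # HKCU is per user: walk every loaded user hive under HKEY_USERS,
    # skipping the *_Classes hives.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
             Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }
    foreach ($hive in $hives) {
        foreach ($sub in $SubKeys) {
            $keyPath = "Registry::HKEY_USERS\$($hive.PSChildName)\$sub"
            $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            foreach ($name in $key.GetValueNames()) {
                # Read the raw string so REG_EXPAND_SZ data is not expanded.
                $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                if (Test-LethicRunEntry -Name $name -Data $data) {
                    $file = $data.Trim('"')
                    [pscustomobject]@{
                        UserSid    = $hive.PSChildName
                        Key        = $sub
                        ValueName  = $name
                        Data       = $data
                        # Guard against empty data before touching the file system.
                        FileExists = ($file -and (Test-Path -LiteralPath $file))
                    }
                }
            }
        }
    }
}

Find-LethicPersistence | Format-List
```

Run it elevated to cover every logged-on user's hive; without elevation only the current user's hive is readable. Hives of users who are not logged on are not loaded under HKEY_USERS and are not checked.
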
Spam distribution

Win32/Lethic.AF is a trojan that is used for spam distribution.


The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a URL address. The TCP protocol is used in the communication.

Other information

The trojan creates and runs a new thread with its own program code within the following processes:

  • explorer.exe
  • %malwarefilepath%
