Win32/PSW.Papras [Threat Name] go to Threat

Win32/PSW.Papras.DA [Threat Variant Name]

Category trojan
Size 299176 B
Detection created Feb 18, 2014
Detection database version 9441
Aliases Trojan-PSW.Win32.Tepfer.tlix (Kaspersky)
  TR/PSW.Papras.DA.6 (Avira)
Short description

Win32/PSW.Papras.DA is a trojan that installs Win32/PSW.Papras.CX malware.

Installation

The trojan does not create any copies of itself.

Other information

The trojan creates the following file:

  • %commonappdata%\­%variable%.dat (295840 B, Win32/PSW.Papras.CX)

The file is then executed.


The following Registry entries are set:

  • [HKEY_CURRENT_USER\­SOFTWARE\­AppDataLow\­{%guid%}]
    • "#sd" = %originalmalwarefilepath%
  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run\­
    • "%variable%" = "regsvr32.exe "%commonappdata%\­%variable%.dat""

A string with variable content is used instead of %variable% , %guid% .


After the installation is complete, the trojan deletes the original executable file.

Please enable Javascript to ensure correct displaying of this content and refresh this page.