Win32/Talmad [Threat Name]

Win32/Talmad.B [Threat Variant Name]

Category: trojan
Size: 62464 B
Detection created: Oct 17, 2015
Detection database version: 12424
Aliases: TR/Graftor.62464.28 (Avira)

Short description

Win32/Talmad.B is a trojan that installs Win32/CoinMiner.YS malware.

Installation

The trojan does not create any copies of itself.


The trojan is usually a part of other malware.

Other information

The trojan has a simple payload.


The trojan tries to read the following files:

  • %malwarefolder%\tIPW.dat

The files contain encrypted executables.


After decryption the data is saved in the following files:

  • %temp%\mdi064.dll (1457664 B, Win32/CoinMiner.YS)

The file is then executed.


The following Registry entry is set:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "tsiVideo" = "rundll32.exe %temp%\mdi064.dll,dalmat"

This way the trojan ensures that the file is executed on every system start.
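
A hunting check for the persistence described above, as an added example that is not part of the original description: it scans the text output of `reg query` on the Run key and reports values that start rundll32.exe on a DLL stored in a temporary folder. The sample output, the user name alice and the value names other than tsiVideo are constructed; matching the expanded path as well as %temp% is an assumption about how the value may be stored on disk.

```python
import re

# One value line of `reg query` output: 4-space separated name, type, data.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_(?:EXPAND_)?SZ)\s{4}(?P<data>.*)$")

# rundll32 command line: optional directory and quotes, DLL path, comma, export.
RUNDLL32 = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)

# Lower-case path fragments that place a DLL in a temporary folder (assumed list).
TEMP_MARKERS = ("%temp%\\", "%tmp%\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")

def find_temp_rundll32(reg_query_output):
    """Return (value name, DLL path, export) for each Run value that
    starts rundll32 on a DLL located in a temporary folder."""
    hits = []
    for line in reg_query_output.splitlines():
        value = VALUE_LINE.match(line)
        if not value:
            continue  # key header or blank line
        cmd = RUNDLL32.match(value.group("data").strip())
        if not cmd:
            continue  # autostart entry that is not a rundll32 launch
        dll = cmd.group("dll").strip()
        if any(marker in dll.lower() for marker in TEMP_MARKERS):
            hits.append((value.group("name"), dll, cmd.group("export")))
    return hits

# Constructed sample of `reg query` output. Only the tsiVideo value comes from
# the description; the other entries are made up for contrast.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    tsiVideo    REG_SZ    rundll32.exe %temp%\mdi064.dll,dalmat
    Updater    REG_SZ    C:\Windows\System32\rundll32.exe "C:\Users\alice\AppData\Local\Temp\mdi064.dll",dalmat
    Panel    REG_SZ    rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL
"""

if __name__ == "__main__":
    for name, dll, export in find_temp_rundll32(SAMPLE):
        print(f"suspicious Run value {name!r}: {dll} (export {export})")
```

On a live system the input would be the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`; a hit is a lead to triage, since the check keys on the launch pattern rather than on this variant's file name.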
