Win32/TrojanDropper.Gepys [Threat Name]

Win32/TrojanDropper.Gepys.AA [Threat Variant Name]

Category trojan
Size 146432 B
Detection created Apr 29, 2013
Detection database version 8525
Aliases Win32:Gepys-F (Avast)
Short description

Win32/TrojanDropper.Gepys.AA is a trojan that installs Win32/Injector.AGCM malware.

Installation

When executed, the trojan copies itself to one or more of the following locations:

  • %commonappdata%\Mozilla\%variable1%.exe (146440 B, Win32/TrojanDropper.Gepys.AA)
  • %temp%\java_update_%variable2%.exe (146440 B, Win32/TrojanDropper.Gepys.AA)

A string with variable content is used instead of %variable1-2%. The copy is then executed.


The trojan schedules a task that causes the following file to be executed repeatedly:

  • %commonappdata%\Mozilla\%variable1%.exe (146440 B, Win32/TrojanDropper.Gepys.AA)

Other information

The trojan creates the following file:

  • %commonappdata%\Mozilla\%variable%.dll (25088 B, Win32/Injector.AGCM)

A string with variable content is used instead of %variable%. The following Registry entries are set:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    • "AppInit_DLLs" = "%commonappdata%\Mozilla\%variable%.dll"
    • "LoadAppInit_DLLs" = 1

This way the trojan ensures that a library with the following name is loaded into every newly created process that loads user32.dll (AppInit_DLLs does not affect processes that are already running, and on Windows 8 and later the mechanism is ignored when Secure Boot is enabled):

  • %commonappdata%\Mozilla\%variable%.dll
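The following PowerShell triage script is an added example and is not part of the ESET description or any ESET tool. It checks a host for the three artefacts listed above: the AppInit_DLLs and LoadAppInit_DLLs values, a scheduled task whose action runs an executable from %commonappdata%\Mozilla or a java_update_*.exe from a %temp% folder, and the dropped files with the sizes given on this page. It assumes Windows 8 / Server 2012 or later (for Get-ScheduledTask and Get-FileHash), an elevated prompt, and that %commonappdata% resolves to the CommonApplicationData folder (normally C:\ProgramData). Because the %variable% parts of the file names are unknown, wildcards are used. The Add-Finding and Test-GepysPath helpers and the check of the Wow6432Node registry view are assumptions of this example, not details from the page.

```powershell
# Host triage for the Gepys.AA artefacts described above.
# Added example, not part of the ESET description or ESET tooling.
# Assumptions: Windows 8 / Server 2012 or later (Get-ScheduledTask, Get-FileHash),
# elevated PowerShell prompt, %commonappdata% = CommonApplicationData (normally C:\ProgramData).
# The %variable% parts of the names are unknown, so wildcards are used.

$commonAppData = [Environment]::GetFolderPath('CommonApplicationData')
$dropDir       = Join-Path $commonAppData 'Mozilla'
$findings      = New-Object 'System.Collections.Generic.List[object]'

# Hypothetical helper (not from the page): one row per suspicious artefact.
function Add-Finding([string]$Kind, [string]$Where, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Where = $Where; Detail = $Detail })
}

# 1. AppInit_DLLs / LoadAppInit_DLLs. The page lists the native key; a 32-bit dropper on
#    64-bit Windows is redirected to the Wow6432Node key, so both views are read.
#    AppInit_DLLs may hold several entries separated by spaces or commas.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $load  = $props.LoadAppInit_DLLs
    foreach ($entry in ([string]$props.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ })) {
        $dll  = [Environment]::ExpandEnvironmentVariables($entry)
        $kind = if ($dll -like "$dropDir\*.dll") { 'AppInit_DLLs (Gepys path)' } else { 'AppInit_DLLs (review)' }
        Add-Finding $kind $key "$dll ; LoadAppInit_DLLs=$load"
    }
}

# 2. Scheduled tasks whose action runs an executable from the dropper's directory or a
#    java_update_*.exe from any user's %temp% (the trojan may have run as another user).
$tempDirs = @($env:TEMP) + @(Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -ErrorAction SilentlyContinue |
             ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }) | Sort-Object -Unique
function Test-GepysPath([string]$Path) {
    if ($Path -like "$dropDir\*.exe") { return $true }
    foreach ($t in $tempDirs) { if ($Path -like "$t\java_update_*.exe") { return $true } }
    return $false
}
foreach ($task in Get-ScheduledTask) {
    foreach ($action in @($task.Actions)) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no Execute
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        if (Test-GepysPath $exe) {
            Add-Finding 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" ("$exe $($action.Arguments)").Trim()
        }
    }
}

# 3. Dropped files. Sizes from the page: 146440 B for the dropper copies, 25088 B for the DLL.
$candidates = @()
if (Test-Path -Path $dropDir) {
    $candidates += Get-ChildItem -Path $dropDir -File | Where-Object { $_.Extension -in '.exe', '.dll' }
}
foreach ($t in $tempDirs) {
    $candidates += Get-ChildItem -Path $t -File -Filter 'java_update_*.exe' -ErrorAction SilentlyContinue
}
foreach ($file in $candidates) {
    $sizeNote = switch ($file.Length) {
        146440  { 'size matches dropper copy' }
        25088   { 'size matches Injector.AGCM DLL' }
        default { 'size not listed on the page' }
    }
    $sha256 = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    Add-Finding 'File' $file.FullName "$($file.Length) B, $sizeNote, SHA256=$sha256"
}

if ($findings.Count -eq 0) { 'No Gepys.AA artefacts found.' } else { $findings | Format-Table -AutoSize -Wrap }
```

A directory named Mozilla under %commonappdata% is also used by legitimate Firefox installations, so a hit on the directory alone is not conclusive; the discriminating signals are an AppInit_DLLs value pointing into that directory, a scheduled task launching an executable from it, and files whose size matches the figures above. Any non-empty AppInit_DLLs value is reported for review even when it does not match, since the registry value is shared with whatever else may be using it.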
