Win32/Eupuds [Threat Name] go to Threat

Win32/Eupuds.A [Threat Variant Name]

Category	trojan
Size	1076482 B
Aliases	Trojan-Dropper.Win32.Injector.jvgj (Kaspersky)
	Trojan:Win32/Eupuds.A (Microsoft)
	TR/Dropper.A.22237 (Avira)

Win32/Eupuds.A is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

When executed, the trojan copies itself into the following location:

A string with variable content is used instead of %variable1-2% .

In order to be executed on every system start, the trojan sets the following Registry entry:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "%variable2%" = "%appdata%\%variable1%\%variable2%.exe"

The trojan may create and run a new thread with its own program code within any running process.

It avoids processes which contain any of the following strings in their path:

The trojan creates and runs a new thread with its own program code within the following processes:

Win32/Eupuds.A is a trojan that steals sensitive information.

The trojan collects the following information:

The trojan collects sensitive information when the user browses certain web sites.

The trojan collects various information when the user is accessing the following sites:

The following programs are affected:

The trojan attempts to send gathered information to a remote machine.

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of (2) URLs. The HTTP protocol is used.

It can execute the following operations: