Win32/Regil [Threat Name]

Win32/Regil.BC [Threat Variant Name]

Category: trojan
Size: 170496 B
Detection created: Jun 16, 2015
Detection database version: 11794
Aliases: Trojan.Win32.Fsysna.cbvd (Kaspersky)

Short description

Win32/Regil.BC installs a backdoor that can be controlled remotely.

Installation

When executed, the trojan copies itself into the following location:

  • %localappdata%\VirtualStore\mxtswkc.exe

The trojan creates the following file:

  • %localappdata%\VirtualStore\iexplore.exe (93184 B)

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "cftvcn" = "%localappdata%\VirtualStore\mxtswkc.exe"

Other information

The trojan contains the program code of the following malware:

  • Win32/Regil.AZ

The trojan executes the following files:

  • %localappdata%\VirtualStore\iexplore.exe

The trojan creates and runs a new thread with its own code within these running processes.


The malware configuration is passed as command line parameters when the malware executable is launched.
