Win32/Regil (threat name)
Win32/Regil.BC (threat variant name)
| Field | Value |
| --- | --- |
| Category | trojan |
| Size | 170496 B |
| Detection created | Jun 16, 2015 |
| Detection database version | 11794 |
| Aliases | Trojan.Win32.Fsysna.cbvd (Kaspersky) |
Short description
Win32/Regil.BC installs a backdoor that can be controlled remotely.
Installation
When executed, the trojan copies itself into the following location:
- %localappdata%\VirtualStore\mxtswkc.exe
The trojan creates the following file:
- %localappdata%\VirtualStore\iexplore.exe (93184 B)
In order to be executed on every system start, the trojan sets the following Registry entry:
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "cftvcn" = "%localappdata%\VirtualStore\mxtswkc.exe"
Other information
The trojan contains the program code of the following malware:
- Win32/Regil.AZ
The trojan executes the following files:
- %localappdata%\VirtualStore\iexplore.exe
The trojan creates and runs a new thread containing its own code within these running processes.
The malware configuration is passed as command-line parameters when the malware executable is launched.