Internet threat level: 1
Home→Descriptions→Trojan-Dropper.Win32.Small.kv
Trojan-Dropper.Win32.Small.kv
| Detected | Sep 02 2004 00:55 GMT |
| Released | Sep 02 2004 00:55 GMT |
| Published | Sep 03 2004 08:44 GMT |
Technical Details
This primitive Trojan is written in Assembler and is packed using FSG. The packed file is approximately 6KB in size, and the unpacked file is approximately 60KB in size.
When launching, it saves a file named eplrr9.dll (which contains Trojan.Win32.StartPage.nu) to the %System% directory. It then launches this file. TrojanDropper.Win32.Small.kv also registers eplrr9.dll in the system registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObject]
The Trojan does not manifest its presence in the system in any way.
Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers.
This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.).
Such programs are used by hackers to:
- secretly install Trojan programs and/or viruses
- protect known malicious programs from being detected by antivirus solutions; not all antivirus programs are capable of scanning all the components inside this type of Trojans.
Trojan-Dropper.
- TrojanDropper.
Win32. Small. kv (Kaspersky Lab)
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.