Virus:TR/PSW.LdPinch.jm1
Date discovered:12/01/2005
Type:Trojan
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low to medium
Static file:Yes
File size:52.712 Bytes
MD5 checksum:04289dbd55b1537bb67d69690577d902
VDF version:6.29.00.58

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Symantec: Trojan.Dropper
   •  TrendMicro: TROJ_SMALL.ACP
   •  VirusBuster: trojan Constructor.MicroJoin.E
   •  Bitdefender: Trojan.Dropper.Microjoin.J


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops malicious files

 Files It deletes the initially executed copy of itself.



The following files are created:

– A file that is for temporary use and it might be deleted afterwards:
   • %TEMPDIR%\ope%hex number%.bat

%TEMPDIR%\mc-110-12-0000352.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: TR/Dldr.Zlob.SH.3

%TEMPDIR%\drsmartload125a.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: TR/Dldr.Adload.gw

%TEMPDIR%\eltpart1.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: TR/Dldr.VB.afa

%TEMPDIR%\mmxprotopro.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: BDS/Genlot.EX

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • PE Pack

Description inserted by Ionut Slaveanu on Thursday, August 24, 2006
Description updated by Ionut Slaveanu on Thursday, September 7, 2006

Back . . . .