Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically


When executed, the trojan copies itself in the %temp% folder using the following filename:


The following file is dropped in the same folder:


Size of the file is approximately 7 kB. The library is loaded and injected in the following process:


In order to be executed on every system start, the trojan sets the following Registry entry:

"upxdn" = "%temp%\upxdn.exe"


Information stealing

The trojan collects information related to the on-line game Zhengtu. The trojan can send the information to a remote machine. The HTTP protocol is used.