When executed, the trojan copies itself into the %temp% folder using the following filename:
The following file is dropped in the same folder:
The size of the file is approximately 7 kB. The library is loaded and injected into the following process:
In order to be executed on every system start, the trojan sets the following Registry entry:
"upxdn" = "%temp%\upxdn.exe"
The trojan collects information related to the online game Zhengtu. The trojan can send the information to a remote machine using the HTTP protocol.
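The autostart entry described above launches an executable from %temp%, which is a useful triage signal. The following added example (not part of the original description) parses `reg query` style output and flags autostart values that run from a temporary directory. The sample output is constructed, the registry key is a placeholder because the description does not give it, and the list of temp locations assumes a default Windows profile layout.

```python
import re

# Locations treated as temporary directories (assumption: default Windows
# profile layout; extend this list for redirected profiles).
TEMP_PATTERNS = [
    re.compile(r"^%(temp|tmp)%\\", re.I),
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I),
    re.compile(r"^[a-z]:\\windows\\temp\\", re.I),
]

# One value line of `reg query` output: name, type and data, 4 spaces apart.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_(?:EXPAND_)?SZ)\s{4}(?P<data>.*)$")

def command_path(data):
    """Return the executable path from an autostart command line."""
    data = data.strip()
    if data.startswith('"'):                      # quoted path, args follow
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    # Unquoted: cut after the first executable-like extension.
    m = re.match(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?:\s|$)", data, re.I)
    return m.group(1) if m else data.split(" ")[0]

def flag_temp_autostarts(reg_query_output):
    """Return (key, name, path) for autostart values that run from a temp dir."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):              # key header line
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m:
            path = command_path(m.group("data"))
            if any(p.match(path) for p in TEMP_PATTERNS):
                hits.append((key, m.group("name"), path))
    return hits

# Constructed sample; the key name is a placeholder, not a real registry path.
SAMPLE = r"""HKEY_CURRENT_USER\<AUTOSTART_KEY_PLACEHOLDER>
    upxdn    REG_SZ    %temp%\upxdn.exe
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    updater    REG_SZ    C:\Users\alice\AppData\Local\Temp\u.exe -s
"""

if __name__ == "__main__":
    for hit in flag_temp_autostarts(SAMPLE):
        print(hit)
```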