Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Installation

When executed, the trojan copies itself in the %temp% folder using the following filename:

upxdn.exe

The following file is dropped in the same folder:

upxdn.dll

Size of the file is approximately 7 kB. The library is loaded and injected in the following process:

explorer.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"upxdn" = "%temp%\upxdn.exe"

 

Information stealing

The trojan collects information related to the on-line game Zhengtu. The trojan can send the information to a remote machine. The HTTP protocol is used.