Troj_patch.cd


 
01-11-2008

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

[Image: Behavior Diagram]

Malware Overview
This is the Trend Micro detection for a normal IEXPLORER.EXE file that has had malicious code inserted into it.
Its characteristics are similar to those of PE_HUNK variants. However, unlike PE_HUNK, this Trojan does not infect *.EXE files.
It deletes the file %Systemdir%\dllcache\iexplore.exe. It then renames its own copy, %User_Temp%\ore.exe, to the name of the deleted file, so that the copy replaces the deleted file.
It creates a backup copy of the original file %ProgramFiles%\Internet Explorer\iexplore.exe and saves it as %User_Temp%\~0re.tmp.
Afterwards, it replaces the original file %ProgramFiles%\Internet Explorer\iexplore.exe with the malware copy, %Systemdir%\dllcache\iexplore.exe. As a result, the malware is unknowingly used every time a user accesses the Internet.
It connects to certain URLs that can be used to transmit system information and possibly to update a copy of itself.
However, the said links are inaccessible as of this writing.
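
The file operations listed above can be correlated per process to triage hosts. The following is an added example, not part of the advisory or of any Trend Micro tooling; the event schema (host, pid, op, path, dest), the rule names, the threshold and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Behaviours from the advisory: (operation, path-tail regex, optional destination regex).
RULES = {
    "dllcache_copy_deleted": ("delete", r"\\dllcache\\iexplore\.exe$", None),
    "dropper_renamed_into_dllcache": ("rename", r"\\temp\\ore\.exe$", r"\\dllcache\\iexplore\.exe$"),
    "original_backed_up": ("write", r"\\temp\\~0re\.tmp$", None),
    "iexplore_replaced": ("write", r"\\internet explorer\\iexplore\.exe$", None),
}

# Constructed sample file events (assumed schema), not taken from a real incident.
EVENTS = [
    {"host": "WS01", "pid": 1412, "op": "delete", "path": r"C:\WINDOWS\system32\dllcache\iexplore.exe"},
    {"host": "WS01", "pid": 1412, "op": "rename", "path": r"C:\Documents and Settings\amy\Local Settings\Temp\ore.exe",
     "dest": r"C:\WINDOWS\system32\dllcache\iexplore.exe"},
    {"host": "WS01", "pid": 1412, "op": "write", "path": r"C:\Documents and Settings\amy\Local Settings\Temp\~0re.tmp"},
    {"host": "WS01", "pid": 1412, "op": "write", "path": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    # A lone write to iexplore.exe (e.g. a legitimate update) matches only one behaviour.
    {"host": "WS02", "pid": 880, "op": "write", "path": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE"},
]

def match_rules(event):
    """Return the names of the advisory behaviours that one file event matches."""
    hits = []
    for name, (op, path_re, dest_re) in RULES.items():
        if event["op"] != op:
            continue
        if not re.search(path_re, event["path"], re.I):
            continue
        if dest_re and not re.search(dest_re, event.get("dest", ""), re.I):
            continue
        hits.append(name)
    return hits

def triage(events, threshold=3):
    """Flag each (host, pid) that shows at least `threshold` distinct behaviours."""
    seen = defaultdict(set)
    for ev in events:
        seen[(ev["host"], ev["pid"])].update(match_rules(ev))
    return {key: sorted(names) for key, names in seen.items() if len(names) >= threshold}

if __name__ == "__main__":
    for (host, pid), names in triage(EVENTS).items():
        print(host, pid, ", ".join(names))
```

Requiring several distinct behaviours from the same process keeps a single legitimate write to iexplore.exe from raising an alert.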

