Bugsalert.com
Security News about Viruses, Spyware,
Trojans, Malware, XSS attacks.

TROJ_DLOADER.CP


This Trojan may be downloaded from remote sites by other malware. It may also be dropped by other malware. It may arrive bundled with malware packages as a malware component. It may also be downloaded unknowingly by a user when visiting malicious Web sites.

Upon execution, it creates registry entries to enable its automatic execution at every system startup. It accesses URLs to download malicious files, which Trend Micro detects as the following:

  • TROJ_DLOADER.CP
  • Possible_Legmir
  • Possible_MLWR-1
  • TROJ_AGENT.AEDO
  • TROJ_DELF.LGX
  • TROJ_Generic
  • TSPY_LEGMIR.CSF
  • TSPY_LEGMIR.CTN
  • TSPY_ONLINEG.BB
  • TSPY_ONLINEG.BO
  • TSPY_ONLINEG.BQ
  • TSPY_ONLINEG.BT
  • TSPY_ONLINEG.BY
  • TSPY_ONLINEG.CB
  • TSPY_ONLINEG.CE
  • TSPY_ONLINEG.CG
  • TSPY_ONLINEG.CM
  • TSPY_ONLINEG.CO
  • TSPY_ONLINEG.CQ
  • TSPY_ONLINEG.CR
  • TSPY_ONLINEG.CS
  • TSPY_ONLINEG.CU
  • TSPY_ONLINEG.CW
  • TSPY_ONLINEG.DE
  • TSPY_ONLINEG.DJ
  • TSPY_ONLINEG.DL
  • TSPY_ONLINEG.EA
  • TSPY_ONLINEG.EG
  • TSPY_ONLINEG.EK
  • TSPY_ONLINEG.EL
  • TSPY_ONLINEG.EOS
  • TSPY_ONLINEG.ES
  • TSPY_ONLINEG.EU
  • TSPY_ONLINEG.EX
  • TSPY_ONLINEG.FA
  • TSPY_ONLINEG.FF
  • TSPY_ONLINEG.FG
  • TSPY_ONLINEG.FH
  • TSPY_ONLINEG.FM
  • TSPY_ONLINEG.FQ
  • TSPY_ONLINEG.FS
  • TSPY_ONLINEG.FT
  • TSPY_ONLINEG.FX
  • TSPY_ONLINEG.FY
  • TSPY_ONLINEG.FZ
  • TSPY_ONLINEG.GG
  • TSPY_ONLINEG.GI
  • TSPY_ONLINEG.GL
  • TSPY_ONLINEG.GN
  • TSPY_ONLINEG.HV
  • TSPY_ONLINEG.II
  • TSPY_ONLINEG.IJ
  • TSPY_ONLINEG.ISZ
  • TSPY_ONLINEG.IT
  • TSPY_ONLINEG.IV
  • TSPY_ONLINEG.IY
  • TSPY_ONLINEG.JI
  • TSPY_ONLINEG.JM
  • TSPY_ONLINEG.KF
  • TSPY_ONLINEG.KH
  • TSPY_ONLINEG.KI
  • TSPY_ONLINEG.KK
  • TSPY_ONLINEG.KL
  • TSPY_ONLINEG.LJD
  • TSPY_ONLINEG.LO
  • TSPY_ONLINEG.LPE
  • TSPY_ONLINEG.LW
  • TSPY_ONLINEG.LX
  • TSPY_ONLINEG.MC
  • TSPY_ONLINEG.MD
  • TSPY_ONLINEG.MGT
  • TSPY_ONLINEG.MGU
  • TSPY_ONLINEG.MK
  • TSPY_ONLINEG.MP
  • TSPY_ONLINEG.NA
  • TSPY_ONLINEG.NC
  • TSPY_ONLINEG.NM
  • TSPY_ONLINEG.NN
  • TSPY_ONLINEG.NO
  • TSPY_ONLINEG.NQ
  • TSPY_ONLINEG.NSM
  • TSPY_ONLINEG.NTR
  • TSPY_ONLINEG.NV
  • TSPY_ONLINEG.PN
  • TSPY_ONLINEG.PO
  • TSPY_ONLINEG.PS
  • TSPY_ONLINEG.PY
  • TSPY_ONLINEG.QA
  • TSPY_ONLINEG.QC
  • TSPY_ONLINEG.QZ
  • TSPY_ONLINEG.RL
  • TSPY_ONLINEG.SD
  • TSPY_ONLINEG.SI
  • TSPY_ONLINEG.SS
  • TSPY_ONLINEG.SV
  • TSPY_ONLINEG.SW
  • TSPY_ONLINEG.TJ
  • TSPY_ONLINEG.TL
  • TSPY_ONLINEG.TN
  • TSPY_ONLINEGA.CA
  • TSPY_ONLINEGA.CD
  • TSPY_ONLINEGA.CF
  • TSPY_ONLINEGA.CT
  • TSPY_ONLINGAME.I

This Trojan then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system. It then deletes itself after execution.




Original Source: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADER.CP
