Win32/Small.NNX [Threat Name] go to Threat

Win32/Small.NNX [Threat Variant Name]

Category trojan
Size 16763 B
Detection created Mar 30, 2015
Detection database version 11398
Aliases Trojan-Dropper.Win32.Dinwod.acsh (Kaspersky)
Short description

Win32/Small.NNX is a trojan which tries to execute other malicious files. The trojan is usually a part of other malware.

Installation

When executed, the trojan creates the following folder:

  • C:\­Windows\­Sys\­

The trojan creates the following file:

  • C:\­dMe.bat

It contains the following text:

  • taskkill /F /IM jpkj.exe\­r\­nping 127.0.0.1 -n 10\­r\­ndel /s /q /a /f "%malwarefolder%\­\­*.*\­r\­ndel %0 /f /q /a\­r\­n
Other information

The trojan may create copies of the following files (source, destination):

  • %malwarefolder%\­s.e, C:\­Windows\­Sys\­Systcm.exe
  • %malwarefolder%\­s.e, C:\­Windows\­Sys\­Systcm1.exe
  • %malwarefolder%\­Sa.e, C:\­Windows\­Sys\­SafeSys.exe
  • %malwarefolder%\­1.b, C:\­Windows\­Sys\­1.b
  • %malwarefolder%\­0.i, C:\­Windows\­Sys\­0.i
  • %malwarefolder%\­1.i, C:\­Windows\­Sys\­1.i
  • %malwarefolder%\­2.i, C:\­Windows\­Sys\­2.i
  • %malwarefolder%\­0.r, C:\­Windows\­Sys\­0.r
  • %malwarefolder%\­1.b, C:\­Windows\­System32\­OemLogo.bmp
  • %malwarefolder%\­0.i, C:\­Windows\­System32\­OemInfo.ini
  • %malwarefolder%\­Test.exe, C:\­Windows\­Sys\­Test.exe

The trojan executes the following commands:

  • C:\­dMe.bat
  • cmd.exe /c regini C:\­Windows\­Sys\­1.i
  • cmd.exe /c reg add HKCU\­Software\­Microsoft\­Windows\­CurrentVersion\­Run /v Systcm /t REG_SZ /d C:\­Windows\­Sys\­Systcm.exe /f
  • cmd.exe /c reg import C:\­Windows\­Sys\­0.r
  • C:\­Windows\­Sys\­Systcm1.exe
  • D:\­Program Files\­1\­vck.exe

Please enable Javascript to ensure correct displaying of this content and refresh this page.