The email shown below appears to come from United Parcel Service (UPS), the international shipping company, but in reality it does not. In fact, it contains a hidden link to a malicious website.
It downloads a binary, invoice[random_number].JPG.exe, whose double extension makes it look like an image file. Quick Heal detects this file as Trojan.Menti.hygd.
When run, “Trojan.Menti.hygd” drops a copy of itself as a randomly named file:
“%APPDATA%\random letters\random letters.exe”
It also creates the registry value shown below so that it runs at Windows startup:
“HKCU\Software\Microsoft\Windows\Currentversion\Run\{GUID of Windows volume}” = “%APPDATA%\random letters\random letters.exe”
The malware injects code into the address space of Windows processes as shown below:
This trojan steals sensitive data from the computer, so we suggest that users stay away from such emails.
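As an added triage example (not Quick Heal's code or detection logic), the following Python sketch checks for the two indicators described above: a download name with a document-plus-executable double extension, and an HKCU Run value with a GUID-style name or a command pointing at an executable under %APPDATA%. The function names, the extension lists and the sample entries are assumptions made for illustration.

```python
import re

# Document-like extension followed by an executable one, e.g. invoice123.JPG.exe
DOUBLE_EXT = re.compile(
    r"\.(jpe?g|png|gif|pdf|docx?|xlsx?|txt)\.(exe|scr|com|pif|bat|cmd)$", re.I)
# Run-value name shaped like a GUID in braces, as the write-up describes
GUID_NAME = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Command pointing at an .exe below the user's roaming AppData folder
APPDATA_EXE = re.compile(
    r'^"?(%APPDATA%|[a-z]:\\Users\\[^\\]+\\AppData\\Roaming)\\.+\.exe\b', re.I)

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def is_double_extension(filename):
    """True when a download name hides an executable extension."""
    return bool(DOUBLE_EXT.search(filename.strip()))


def suspicious_run_entries(entries):
    """Return {name: [reasons]} for Run values matching the described pattern."""
    findings = {}
    for name, command in entries.items():
        reasons = []
        if GUID_NAME.match(name):
            reasons.append("GUID-style value name")
        if APPDATA_EXE.match(command.strip()):
            reasons.append("executable under %APPDATA%")
        if reasons:
            findings[name] = reasons
    return findings


def read_hkcu_run():
    """Read the current user's Run values (Windows only)."""
    import winreg
    entries = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, value, _type = winreg.EnumValue(key, i)
            entries[name] = str(value)
    return entries


# Constructed sample data, not taken from an infected machine
SAMPLE_RUN = {
    "{1A2B3C4D-0000-1111-2222-333344445555}": r"%APPDATA%\qwzx\kdjf.exe",
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
}
```

On a Windows host, `suspicious_run_entries(read_hkcu_run())` applies the same checks to the live key. Some legitimate software also starts from the roaming AppData folder, so a hit is a prompt for review rather than a verdict.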