Your package has arrived!

The email shown below appears to come from United Parcel Service (UPS), the international shipping company, but in reality it does not. In fact, it contains a hidden link to a malicious website.

It downloads a binary named invoice[random_number].JPG.exe, whose double extension makes it look like an image file. Quick Heal detects this file as Trojan.Menti.hygd.

When run, “Trojan.Menti.hygd” drops a copy of itself as a randomly named file:
“%APPDATA%\random letters\random letters.exe”

It also creates the registry entry shown below so that it runs each time Windows boots:
“HKCU\Software\Microsoft\Windows\CurrentVersion\Run\{GUID of Windows volume}” = “%APPDATA%\random letters\random letters.exe”
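The two indicators described above, a decoy-plus-executable double extension and a GUID-named Run value pointing at an executable under %APPDATA%, can be checked with a short triage script. This is an added example, not Quick Heal's code: the function names, extension lists and sample Run values are assumptions constructed for illustration, and the input is a set of already exported name/data pairs rather than a live registry read.

```python
import re
from pathlib import PureWindowsPath

# Extensions that execute on double-click, and harmless-looking decoys (assumed lists).
EXECUTABLE = {".exe", ".scr", ".com", ".pif"}
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt"}
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def has_double_extension(filename):
    """True for names like invoice1234.JPG.exe (decoy extension, then executable)."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE and suffixes[-2] in DECOY

def command_path(data):
    """Extract the program path from Run value data, honouring a quoted path."""
    data = data.strip()
    if data.startswith('"'):
        data = data[1:].split('"', 1)[0]
    return PureWindowsPath(data)

def suspicious_run_entry(name, data):
    """Return the reasons a Run value matches the persistence pattern above."""
    reasons = []
    path = command_path(data)
    parts = [p.lower() for p in path.parts]
    if GUID_RE.match(name):
        reasons.append("value name is a GUID")
    # Match both the unexpanded variable and the expanded Roaming folder.
    in_appdata = "%appdata%" in parts or "roaming" in parts
    if in_appdata and path.suffix.lower() in EXECUTABLE:
        reasons.append("executable under %APPDATA%")
    return reasons

def triage(run_values):
    """Map each flagged Run value name to the reasons it was flagged."""
    flagged = {}
    for name, data in run_values.items():
        reasons = suspicious_run_entry(name, data)
        if reasons:
            flagged[name] = reasons
    return flagged

# Constructed sample data, not taken from a real host.
SAMPLE_RUN_VALUES = {
    "{A1B2C3D4-1111-2222-3333-444455556666}": r"%APPDATA%\qwkzu\hbxve.exe",
    "OneDrive": r'"C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Updater": r"C:\Program Files\Vendor\updater.exe",
}

if __name__ == "__main__":
    print(has_double_extension("invoice48213.JPG.exe"), triage(SAMPLE_RUN_VALUES))
```

Either reason on its own also occurs with legitimate software, so treat an entry that matches both as the one to investigate first.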

The malware injects code into the address space of Windows processes, as below:

This trojan steals sensitive data from the computer, so we suggest that users stay away from such emails.

Vishal Dodke
