Your package has arrived!
The email shown below seems to arrive from United Parcel Service (UPS) International Shipping Company but in reality it is not. In fact, it has a hidden link to a malicious website.
It downloads a binary invoice[random_number].JPG.exe with double extensions which looks as if it is an image file. Quick Heal detects this file as Trojan.Menti.hygd.
When run, “Trojan.Menti.hygd” drops a copy of itself as a randomly named file:
“%APPDATA%random letterrandom letters.exe”
It also creates the registry key shown below to run at the time of Windows bootup:
“HKCUSoftwareMicrosoftWindowsCurrentversionRun{GUID of Windows volume} = “%APPDATA%random lettersrandom letters.exe”
The malware injects codes into the address space of windows processes as below:
This trojan steals sensitive data from the computer so we suggest that users stay away from such emails.
No Comments, Be The First!