Your package has arrived!

The email shown below appears to come from United Parcel Service (UPS), the international shipping company, but in reality it does not. It contains a hidden link to a malicious website.

The link downloads a binary named invoice[random_number].JPG.exe. The double extension makes it look like an image file. Quick Heal detects this file as Trojan.Menti.hygd.

When run, “Trojan.Menti.hygd” drops a copy of itself as a randomly named file:
“%APPDATA%\random letters\random letters.exe”

It also creates the registry entry shown below so that it runs at Windows startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\{GUID of Windows volume} = “%APPDATA%\random letters\random letters.exe”
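
A triage check for the two indicators described above: the double-extension download and the GUID-named Run value that launches an executable from a folder under %APPDATA%. This is an added example, not Quick Heal's detection logic; the extension lists, function names and sample entries are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumed lists: extensions Windows executes, and decoy extensions that
# make a file look like an image or document.
EXECUTABLE = {".exe", ".scr", ".com", ".pif"}
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# An .exe exactly one folder below the roaming profile, written either with
# the environment variable or as an expanded path.
APPDATA_EXE_RE = re.compile(
    r'^"?(%APPDATA%|[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming)\\[^\\]+\\[^\\"]+\.exe"?',
    re.IGNORECASE,
)

def has_double_extension(filename):
    """True for names like invoice123.JPG.exe: decoy extension, then an executable one."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE and suffixes[-2] in DECOY

def suspicious_run_entries(entries):
    """Return (value name, data) pairs where a GUID-named Run value starts an .exe under %APPDATA%."""
    return [(name, data) for name, data in entries
            if GUID_RE.match(name.strip()) and APPDATA_EXE_RE.match(data.strip())]

# Constructed sample data: values as they might be exported from the
# HKCU ...\CurrentVersion\Run key of a user profile.
RUN_ENTRIES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("{3F2504E0-4F89-11D3-9A0C-0305E82C3301}", r"%APPDATA%\qwzkp\xvbnr.exe"),
    ("{9B2C1D7A-5E4F-4A3B-8C6D-1F0E2D3C4B5A}", r"C:\Users\alice\AppData\Roaming\hjtyu\mplok.exe"),
    ("Updater", r"%APPDATA%\Vendor\updater.exe"),
]

if __name__ == "__main__":
    for fname in ("invoice4821.JPG.exe", "holiday.photo.jpg", "setup.exe"):
        print(fname, "->", "double extension" if has_double_extension(fname) else "ok")
    for name, data in suspicious_run_entries(RUN_ENTRIES):
        print("review Run value:", name, "=", data)
```

A hit is a lead for review rather than a verdict, since legitimate software can also start from the roaming profile.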

The malware injects code into the address space of Windows processes, as shown below:

This trojan steals sensitive data from the computer, so we suggest that users stay away from such emails.

Vishal Dodke
