Analysis
W32/Injector.K!tr is a generic detection for a type of trojan that drops other malware onto the compromised computer. Since this is a generic detection, files that are detected as W32/Injector.K!tr may have varying behavior.
Below are examples of some of these behaviors:
- It drops the following files:
  - %AppData%\[Random]\[Random]\1.0.0.0\java update.exe : This file is also detected as W32/Injector.K!tr.
  - %Temp%\rundll32cyutlhtjyuir.exe : This file is also detected as W32/Injector.K!tr.
- Creates the following autorun registry entries for its dropped files:
  - HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    - java update = %AppData%\[Random]\[Random]\1.0.0.0\java update.exe
  - HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    - rundll32 = %Temp%\rundll32cyutlhtjyuir.exe
- Network activities are observed to perform DNS queries on the following sites:
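
The autorun entries listed above pair a Run value named after a system or vendor program with an image stored under %AppData% or %Temp%. The following triage check for exported HKCU Run values is an added example, not part of the original entry; the function names, the list of system binary names and the sample entries (including the `ab\cd` directories standing in for `[Random]\[Random]`) are constructed for illustration.

```python
import ntpath
import re

# Assumed short list of Windows binaries that normally live in System32.
SYSTEM_NAMES = ("rundll32", "svchost", "explorer", "lsass", "services")
# User-writable locations, both as unexpanded variables and as expanded paths.
USER_DIR = re.compile(r"^(%appdata%|%localappdata%|%temp%)\\|\\appdata\\(roaming|local)\\")

def image_path(value):
    """Extract the executable path from a Run value (quoted or unquoted, with arguments)."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.exe)(\s|$)", value)
    return m.group(1) if m else value

def triage(name, value):
    """Return the reasons a Run entry resembles the persistence described above."""
    path = image_path(value).lower()
    stem = ntpath.splitext(ntpath.basename(path))[0]
    reasons = []
    if USER_DIR.search(path):
        reasons.append("image in user-writable directory")
    # A value or file name that starts with a system binary name, outside System32.
    for sysname in SYSTEM_NAMES:
        if (name.lower() == sysname or stem.startswith(sysname)) and "\\system32\\" not in path:
            reasons.append("imitates system binary " + sysname)
            break
    return reasons

# Constructed sample of exported Run values (name, data).
SAMPLE = [
    ("java update", r"%AppData%\ab\cd\1.0.0.0\java update.exe"),
    ("rundll32", r"%Temp%\rundll32cyutlhtjyuir.exe"),
    ("OneDrive", r'"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("ctl", r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL"),
]

if __name__ == "__main__":
    for name, value in SAMPLE:
        print(name, "->", triage(name, value) or "no findings")
```

The user-writable check alone also matches legitimate per-user software such as the OneDrive sample, so treat it as a lead to review and give more weight to entries that trigger both reasons.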