Analysis
MSIL/Sharik.TLX!tr is a generic detection for a type of trojan that drops malware onto the compromised computer. Since this is a generic detection, files that are detected as MSIL/Sharik.TLX!tr may have varying behavior.
Below are examples of some of these behaviors:
- It creates a subfolder in the user's Application Data folder using a randomized name. It then drops a copy of itself with a randomized name into this newly created folder.
- It creates the following registry entry to automatically execute its dropped file every time the infected user logs in:
  - key: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  - value: [Random]
  - data: %AppData%\[Random]\[Random].exe
- It injects malicious code into the svchost.exe process.
- It deletes its original copy from the current folder.
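
A triage check for the persistence entry described above, as an added example that is not part of the original write-up: it parses the text output of `reg query` for the Policies\Explorer\Run key and flags values whose data points at an executable exactly one folder below Application Data. The function name and the sample output are constructed for illustration, and legitimate software can match the same shape, so hits are candidates for review rather than verdicts.

```python
import re

# Key named in the write-up (hive prefix is matched separately from reg output).
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

# <Application Data>\<one subfolder>\<file>.exe, expanded or unexpanded,
# optionally quoted and optionally followed by arguments.
APPDATA_EXE = re.compile(
    r"""^"?(?:%appdata%
          |[a-z]:\\users\\[^\\]+\\appdata\\roaming
          |[a-z]:\\documents\ and\ settings\\[^\\]+\\application\ data)
        \\[^\\"]+\\[^\\"]+\.exe"?(?:\s.*)?$""",
    re.IGNORECASE | re.VERBOSE,
)

def flag_run_entries(reg_query_output):
    # Return (value name, data) pairs under the Policies Explorer Run key
    # whose data matches the AppData\<folder>\<file>.exe shape.
    hits, in_key = [], False
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            # A key header line: only values under the key of interest count.
            in_key = line.strip().lower().endswith(RUN_KEY.lower())
            continue
        m = VALUE_LINE.match(line)
        if in_key and m and APPDATA_EXE.match(m["data"].strip()):
            hits.append((m["name"], m["data"].strip()))
    return hits

# Constructed sample of `reg query` output; names and paths are made up.
SAMPLE = "\n".join([
    "",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
    r"    kqzvtn    REG_SZ    C:\Users\alice\AppData\Roaming\xhqpld\wmbrtc.exe",
    r"    Updater    REG_SZ    C:\Program Files\Example\updater.exe",
    r"    jrwq    REG_EXPAND_SZ    %AppData%\pzkd\tvne.exe",
    r"    Deep    REG_SZ    C:\Users\alice\AppData\Roaming\Vendor\bin\tool.exe",
    "",
])

if __name__ == "__main__":
    for name, data in flag_run_entries(SAMPLE):
        print(f"review: {name} -> {data}")
```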