The Grenam Malware threat is classified as a Trojan. However, according to an analysis by cybersecurity specialists, it is comprised of three different threatening components. Apparently, Grenam is equipped with a Trojan part, a worm component and a malware payload. The threat is likely deployed on the victim's system by other malware threats or by being injected into cracked versions of licensed or copyrighted software products downloaded by the users themselves.
The execution of the threat begins by creating a copy of itself and dropping it into the %APPDATA%\ folder of the breached system. The copy file is named paint.exe as an attempt to mislead victims. The Trojan part of the threat will add a paint.lnk file into the startup folder, resulting in Grenam being run every time the Windows OS is started. In addition, it injects a Registry entry - 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,' as another way to automatically start the threat.
The second component of the Grenam threat allows it to spread itself to other systems via removable or shared drives. The malware will drop a copy of itself on the drive, as a file named Paint with a missing file extension. In the same folder, Grenam will create a file named 'hold.inf' that will subsequently be renamed to 'autorun.inf.' As a result, the hurtful threat will be activated if the drive is opened on a PC system with an activated Autorun functionality. The final threatening component will create infected hidden copies of the executable files found on the breached device.
Grenam Malware Video
Tip: Turn your sound ON and watch the video in Full Screen mode.