
Mal/Jadtre-C

By Sumo3000 in Malware

Threat Scorecard

Threat Level: 50 % (Medium)
Infected Computers: 1
First Seen: June 12, 2013
Last Seen: June 30, 2021
OS(es) Affected: Windows

Mal/Jadtre-C is a malware infection and a dropper for the Chinese bootkit Guntior. Mal/Jadtre-C contains two execution branches: one is a dynamic link library (DLL) and the other is an executable file. While running down the '.exe' path, Mal/Jadtre-C maintains a log file named 'stinst.log' in the %Temp% directory, in which it records information such as the operating system version and the randomly generated name it uses when it copies itself into the system32 directory. Mal/Jadtre-C also ensures that the %Temp% directory is added to the PATH environment variable. Mal/Jadtre-C uses the system time as the seed for generating random names for itself and its dropped components. Mal/Jadtre-C additionally places a copy of itself named 'msimg32.dll' in the %Temp% directory, creates a copy of 'HelpCtr.exe' in the same %Temp% directory, and modifies the PE flags of the new 'msimg32.dll' copy so that they mark the file as a DLL. 'HelpCtr.exe' is a legitimate and safe Windows file that imports calls from 'msimg32.dll', a DLL normally found in the system folder; because the copied 'HelpCtr.exe' sits next to the malicious 'msimg32.dll', the malicious DLL is loaded in place of the genuine one. 'HelpCtr.exe' starts the Windows Help and Support Center homepage.
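The footprint described above (a legitimate HelpCtr.exe copied into %Temp% beside a malicious msimg32.dll, a stinst.log file, %Temp% appended to PATH, and a PE image re-flagged as a DLL) can be checked with a small host-inspection routine. The code below is an added example, not part of this page or of any vendor product; the sample file list, user profile path and PE header bytes are constructed test data, not artefacts captured from a real infection.

```python
import ntpath
import struct

# Constructed sample artefacts modelled on this page's indicators (assumed paths).
TEMP_DIR = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_FILES = [
    TEMP_DIR + r"\HelpCtr.exe",          # copy of a legitimate Windows binary
    TEMP_DIR + r"\msimg32.dll",          # dropper copy named after a system DLL
    TEMP_DIR + r"\stinst.log",           # dropper log file
    r"C:\Windows\system32\msimg32.dll",  # the genuine DLL in its normal location
]
SAMPLE_PATH = r"C:\Windows\system32;C:\Windows;" + TEMP_DIR

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit that marks a PE image as a DLL


def pe_is_dll(data: bytes) -> bool:
    """Return True if the PE header's Characteristics field has IMAGE_FILE_DLL set."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 24:
        return False
    # COFF file header follows the signature; Characteristics is its last WORD (offset 18).
    characteristics = struct.unpack_from("<H", data, e_lfanew + 4 + 18)[0]
    return bool(characteristics & IMAGE_FILE_DLL)


def build_pe_stub(characteristics: int) -> bytes:
    """Constructed minimal PE header (DOS header, signature, COFF header) for testing."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, characteristics)
    return dos + b"PE\0\0" + coff


def find_indicators(files, path_env, temp_dir):
    """Flag the file-system and environment footprint this page attributes to the dropper."""
    temp_lower = temp_dir.lower()
    in_temp = {ntpath.basename(f).lower() for f in files
               if ntpath.dirname(f).lower() == temp_lower}
    findings = []
    if {"helpctr.exe", "msimg32.dll"} <= in_temp:
        findings.append("HelpCtr.exe beside msimg32.dll in %Temp% (DLL side-loading setup)")
    if "stinst.log" in in_temp:
        findings.append("stinst.log present in %Temp%")
    if any(entry.strip().lower() == temp_lower for entry in path_env.split(";")):
        findings.append("%Temp% appended to PATH")
    return findings
```

On a live host the file list would come from enumerating the user's %Temp% directory and the PATH value from the environment or the registry; the functions are kept input-driven so they can also run over collected triage data.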

File System Details

Mal/Jadtre-C may create the following file(s):
#   File Name     Detections
1.  HelpCtr.exe
2.  msimg32.dll
3.  stinst.log

URLs

Mal/Jadtre-C may call the following URLs:

https://www.seekthisnow.com/results.aspx?q=
