Trojan.Lapka

By Sumo3000 in Trojans

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1
First Seen: May 24, 2013
Last Seen: September 19, 2019
OS(es) Affected: Windows

Trojan.Lapka is a Trojan that opens a back door on the affected PC. Once executed, Trojan.Lapka copies itself to the system as a malicious file and creates additional malicious files. It then creates registry entries that register it as a system service and as a legacy driver service. Trojan.Lapka also modifies existing registry entries.

File System Details

Trojan.Lapka may create the following file(s):
# File Name Detections
1. %System%\drivers\passthru.sys
2. %Temp%\install.bat
3. %Windir%\LastGood\system32\DRIVERS\passthru.sys
4. %System%\wininitg.exe
5. %SystemDrive%\passthru.sys
6. %Temp%\passthru.sys
7. %System%\Black.dll
8. %System%\drivers\diskflt.sys
9. %Temp%\snetcfg.exe
10. %Windir%\inf\passthru.sys
11. %SystemDrive%\netsf_m.inf
12. %Temp%\netsf_m.inf
13. %Windir%\inf\netsf_m.inf
14. %System%\RCX1.tmp
15. %Temp%\netsf.inf
16. %Windir%\inf\netsf.inf
17. %System%\RCX2.tmp
18. %SystemDrive%\netsf.inf

Registry Details

Trojan.Lapka may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru\"Start" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru\"Type" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"ImagePath" = "%System%\wininitg.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\Security\"Security" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\0000\"Class" = "LegacyDriver"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\0000\"ClassGUID" = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\0000\"Service" = "win32 Tool"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru\"DisplayName" = "Passthru Service"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru\Security\"Security" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"Description" = "win32 Tool"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"ObjectName" = "LocalSystem"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"Start" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\0000\"ConfigFlags" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\0000\"DeviceDesc" = "win32 Tool"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru\"ErrorControl" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru\"ImagePath" = "system32\DRIVERS\passthru.sys"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"DisplayName" = "win32 Tool"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"ErrorControl" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\win32 Tool\"Type" = "16"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\"NextInstance" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WIN32_TOOL\0000\"Legacy" = "1"
