Trojan.Madi is a Trojan that opens a back door on the infected computer, downloads and installs infected files, and steals confidential information from affected PC users. When activated, Trojan.Madi copies itself by creating several potentially infected files, many of them with hardcoded file names. Trojan.Madi modifies a Registry entry so that it loads automatically every time Windows starts. It can contact a command and control (C&C) server, capture screenshots, log keystrokes and download updates to itself.

File System Details

Trojan.Madi may create the following file(s):
File name, with MD5 and detection count where the listing gives them:
1. %UserProfile%\PrintHood\SHK.dll
2. %UserProfile%\PrintHood\SIK.dll
3. %UserProfile%\PrintHood\[TEN RANDOM CHARACTERS].dll
4. %UserProfile%\PrintHood\Roze.dll
5. %UserProfile%\PrintHood\FIE.dll
6. %UserProfile%\Templates\nam.dll
7. %UserProfile%\PrintHood\pangtip.bat
8. %UserProfile%\PrintHood\BIE.dll
9. %UserProfile%\PrintHood\xdat.dll
10. %UserProfile%\PrintHood\mahdi.txt
11. %UserProfile%\PrintHood\[TEN RANDOM CHARACTERS].PRI
12. %UserProfile%\PrintHood\UpdateOffice.exe (Trojan.Dropper)
13. %UserProfile%\My Documents\[ORIGINAL FILE NAME].exe.JPG
14. %UserProfile%\UpBackup\UpdateOffice.exe (Trojan.Dropper)
15. file.exe (MD5: 3fc8788fd0652e4f930d530262c3d3f3, detections: 0)
16. UpdateOffice.exe (MD5: 461ba43daa62b96b313ff897aa983454, detections: 0)
17. UpdateOffice.exe (MD5: 18002ca6b19c3c841597e611cc9c02d9, detections: 0)
18. UpdateOffice.exe (MD5: 67c6fabbb0534090a079ddd487d2ab4b, detections: 0)

Registry Details

Trojan.Madi may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\"Startup" = "%UserProfile%\UpBackup"
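
A triage check built from the file and registry details above, as an added example that is not part of the original write-up: it matches a collected file listing and the collected "Startup" value against the names this page gives. The user profile, the sample paths and the reading of "[TEN RANDOM CHARACTERS]" as alphanumeric are assumptions made for the example.

```python
import ntpath
import re

# Files from the page's list, relative to %UserProfile%, lower-cased.
KNOWN_FILES = {
    r"printhood\shk.dll", r"printhood\sik.dll", r"printhood\roze.dll",
    r"printhood\fie.dll", r"templates\nam.dll", r"printhood\pangtip.bat",
    r"printhood\bie.dll", r"printhood\xdat.dll", r"printhood\mahdi.txt",
    r"printhood\updateoffice.exe", r"upbackup\updateoffice.exe",
}
# "[TEN RANDOM CHARACTERS].dll/.PRI"; alphanumeric characters are an assumption.
RANDOM_NAME = re.compile(r"printhood\\[a-z0-9]{10}\.(dll|pri)")
# "[ORIGINAL FILE NAME].exe.JPG" in My Documents.
DOUBLE_EXT = re.compile(r"my documents\\[^\\]+\.exe\.jpg")

def relative_to_profile(path, profile):
    """Return the lower-cased path relative to the profile, or None if outside it."""
    p = ntpath.normpath(path).lower()
    root = ntpath.normpath(profile).lower() + "\\"
    return p[len(root):] if p.startswith(root) else None

def match_files(paths, profile):
    """Return the paths whose profile-relative name matches an entry on the list."""
    hits = []
    for path in paths:
        rel = relative_to_profile(path, profile)
        if rel and (rel in KNOWN_FILES or RANDOM_NAME.fullmatch(rel) or DOUBLE_EXT.fullmatch(rel)):
            hits.append(path)
    return hits

def startup_redirected(value, profile):
    """True if the User Shell Folders "Startup" value points at <profile>\\UpBackup."""
    v = ntpath.normpath(value.strip().strip('"')).lower()
    return v in (r"%userprofile%\upbackup", ntpath.normpath(profile).lower() + r"\upbackup")

# Constructed sample data for a hypothetical user "alice"; not taken from a real host.
PROFILE = r"C:\Documents and Settings\alice"
SAMPLE_PATHS = [
    PROFILE + r"\PrintHood\SHK.dll",
    PROFILE + r"\PrintHood\a1b2c3d4e5.PRI",
    PROFILE + r"\My Documents\report.exe.JPG",
    PROFILE + r"\My Documents\holiday.jpg",
    r"C:\Windows\System32\kernel32.dll",
]

if __name__ == "__main__":
    for hit in match_files(SAMPLE_PATHS, PROFILE):
        print("file indicator:", hit)
    print("startup redirected:", startup_redirected(r"%UserProfile%\UpBackup", PROFILE))
```

Name matches alone are leads for review, not a verdict; the redirected "Startup" value together with a file under UpBackup is the stronger signal.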


