Trojan.Tredpaf

By Sumo3000 in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 3
First Seen: May 30, 2013
Last Seen: January 20, 2022
OS(es) Affected: Windows

Trojan.Tredpaf is a Trojan that opens a back door and may drop additional malware onto the compromised PC. Trojan.Tredpaf may be distributed by other malware or sent as a spam email attachment. Once run, Trojan.Tredpaf may create infected files. Trojan.Tredpaf may create a registry entry so that it loads automatically every time the PC user starts Windows, may create additional registry entries under various registry subkeys, and may make further alterations to numerous registry entries. Trojan.Tredpaf may perform harmful actions such as acting as a server that monitors back doors connecting to the attacked PC, creating a self-signed certificate for use with SSL, getting disk information, controlling USB devices, sleeping for a set amount of time, sniffing network traffic, communicating over the Jabber/XMPP protocol using the gloox library, and others.

File System Details

Trojan.Tredpaf may create the following file(s):
File Name
1. C:\Documents and Settings\\Application Data\Microsoft\Crypto\RSA\MachineKeys\[KEY VALUE]\cap.cfg
2. %System%\Microsoft\Protect\[SID]\[GUID]\cap.cfg
3. %System%\Microsoft\Protect\[SID]\Preferre\cap.cfg

Registry Details

Trojan.Tredpaf may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates\[HEXADECIMAL STRING]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTPFILTER
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTPFilter\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTPFILTER\0000\Control\"NewlyCreated" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTPFILTER\0000\"Legacy" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTPFILTER\0000\"Service" = "HTTPFilter"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTPFILTER\0000\"Class" = "LegacyDriver"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443\"DefaultSslRevocationFreshnessTime" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTPFilter\Enum\"NextInstance" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Keys\[HEXADECIMAL STRING]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTPFILTER\0000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\[HEXADECIMAL STRING]\"Blob" = "[BINARY VALUE]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Keys\[HEXADECIMAL STRING]\"Blob" = "[BINARY VALUE]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTPFILTER\0000\Control\"ActiveService" = "HTTPFilter"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTPFILTER\"NextInstance" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443\"DefaultSslCertCheckMode" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443\"AppId" = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTPFilter\Enum\"Count" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443\"DefaultFlags" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\"load" = "[PATH TO TROJAN]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\[HEXADECIMAL STRING]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTPFILTER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\My\Certificates\[HEXADECIMAL STRING]\"Blob" = "[BINARY VALUE]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTPFILTER\0000\"ConfigFlags" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTPFILTER\0000\"DeviceDesc" = "HTTP SSL"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTPFILTER\0000\"ClassGUID" = "{GUID 2}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443\"SslCertHash" = "[BINARY VALUE]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTPFilter\Enum\"0" = "Root\LEGACY_HTTPFILTER\0000"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443\"DefaultSslRevocationUrlRetrievalTimeout" = "0"
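A defender-side triage of the registry artifacts above, added here as an example and not part of the threat database entry: it parses a Windows `reg export` file and flags the CurrentVersion\"load" autostart, the LEGACY_HTTPFILTER enum entry and the 0.0.0.0:443 SSL binding with an all-zero AppId. The sample export text and the trojan path inside it are constructed placeholders.

```python
"""Triage a Windows .reg export for the Trojan.Tredpaf registry indicators
listed above. Added example; the export text and trojan path are constructed."""
import re

# Constructed sample in 'reg export' (Windows Registry Editor 5.00) format.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion]
"load"="C:\\Users\\demo\\AppData\\Roaming\\placeholder_tredpaf.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HTTPFILTER\0000]
"Service"="HTTPFilter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\SslBindingInfo\0.0.0.0:443]
"AppId"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
'''

def parse_reg(text):
    """Return {key_path: {value_name: raw_value}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if m:
                keys[current][m.group(1)] = m.group(2)
    return keys

def triage(keys):
    """Return (finding, severity) pairs for the indicators this page lists."""
    findings = []
    for path, vals in keys.items():
        p = path.lower()
        if p == r'hkey_current_user\software\microsoft\windows\currentversion':
            load = vals.get('load', '""').strip('"').replace('\\\\', '\\')
            if load:  # legacy autostart value; normally absent or empty
                findings.append(('autostart via CurrentVersion\\load -> ' + load, 'high'))
        if r'enum\root\legacy_httpfilter' in p and vals.get('Service') == '"HTTPFilter"':
            # HTTPFilter ("HTTP SSL") is a legitimate XP/2003 service, so this only
            # corroborates the other findings; it is absent on newer Windows.
            findings.append(('LEGACY_HTTPFILTER enum entry: ' + path, 'low'))
        if p.endswith(r'sslbindinginfo\0.0.0.0:443'):
            appid = vals.get('AppId', '')
            if appid.startswith('hex:') and set(appid[4:].split(',')) == {'00'}:
                findings.append(('0.0.0.0:443 SSL binding with all-zero AppId', 'medium'))
    return findings
```

Run `triage(parse_reg(open('export.reg').read()))` against a real export; an empty "load" value or a LEGACY_HTTPFILTER entry alone on an XP/2003 host is not evidence of infection.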