
Win32/Ponmocup.AA

By Sumo3000 in Trojans

Win32/Ponmocup.AA is a Trojan that drops other malware onto the compromised PC. It gathers confidential information and computer data linked to the targeted system and attempts to transmit the gathered information to a remote PC. It also receives data and instructions from a remote server or the Internet. When run, Win32/Ponmocup.AA creates several malicious files. It may also modify the Windows Registry by creating a certain registry entry so that it runs automatically every time Windows starts.

File System Details

Win32/Ponmocup.AA may create the following file(s):
1. %System%\%RANDOM1%.exe
2. %Temp%\%RANDOM1%.exe
3. %ProgramFiles%\%ExistingFolder%\%RANDOM1%.exe
4. %Temp%\%RANDOM1%.dll
5. %ProgramFiles%\%ExistingFolder%\%RANDOM1%.dll
6. %System%\%RANDOM1%.dll

Registry Details

Win32/Ponmocup.AA may create the following registry entry or registry entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] "%RANDOM2%" = "%malwarepath%"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] "%RANDOM2%" = "%malwarepath%"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "%random2%" = "%malwarepath%"
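
Because the value names and file names are random, a check for this persistence has to key on the registry location and the target folder rather than on a name. The following triage sketch is an added example, not part of the original entry: it takes autorun entries as (key, value name, value data) tuples and reports those in the three keys above whose target is an .exe or .dll sitting directly in one of the listed drop locations. The sample entries are constructed, and the folder patterns assume a default Windows layout; hits are candidates for review, not confirmed infections.

```python
import ntpath
import re

# The three autostart keys listed above (registry key names are case-insensitive).
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
)
_KEYS = {k.lower() for k in RUN_KEYS}

# Drop locations from the file list above, matched on the target's folder.
# Assumption: default layout (C:\Windows\System32, "Program Files", a folder named Temp).
LOCATIONS = {
    "%System%": re.compile(r"^[a-z]:\\windows\\(?:system32|syswow64)$"),
    "%Temp%": re.compile(r"\\temp$"),
    "%ProgramFiles%\\%ExistingFolder%": re.compile(
        r"^[a-z]:\\program files(?: \(x86\))?\\[^\\]+$"),
}

# Any absolute .exe/.dll path in the value data (copes with quotes, arguments, rundll32 hosts).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|,*?:\r\n]+?\.(?:exe|dll)\b', re.IGNORECASE)


def suspicious_autoruns(entries):
    """Return (key, value_name, path, location) for entries matching the page's pattern."""
    hits = []
    for key, name, data in entries:
        if key.lower() not in _KEYS:
            continue  # only the keys this entry documents
        for path in PATH_RE.findall(data):
            folder = ntpath.dirname(path).lower()
            for label, rx in LOCATIONS.items():
                if rx.search(folder):
                    hits.append((key, name, path, label))
    return hits


# Constructed sample data (not taken from a real host).
SAMPLE = [
    (RUN_KEYS[2], "VendorUpdater", r'"C:\Program Files\Vendor\App\bin\updater.exe" /background'),
    (RUN_KEYS[1], "kqzvbn", r"C:\Users\alice\AppData\Local\Temp\kqzvbn.exe"),
    (RUN_KEYS[0], "wqxtr", r'rundll32.exe "C:\Program Files\Common Files\wqxtr.dll",Start'),
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce",
     "setup", r"C:\Windows\Temp\setup.exe"),
]

if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE):
        print(hit)
```

Value data that still contains unexpanded environment variables (for example %windir%) is not matched by the path pattern and would need expanding first.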
