Win32/Lukicsel [Threat Name]

Win32/Lukicsel.W [Threat Variant Name]

Category: trojan
Size: 370176 B
Aliases: Trojan.Win32.Pakes.qkk (Kaspersky), Trojan:Win32/Lukicsel.E (Microsoft)

Short description

Win32/Lukicsel.W is a trojan that installs Win32/Lukicsel.T malware.

Installation

The trojan is usually a part of other malware.


The trojan does not create any copies of itself.


The trojan creates the following files:

  • %system%\shimg.dll (294018 B, Win32/Lukicsel.B)
  • %system%\mdhcp32.dll (50688 B, Win32/Lukicsel.T)

The following Registry entries are created:

  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mdhcp32]
    • "DllName" = "mdhcp32.dll"
    • "Startup" = "WinStart2EX"
    • "Logoff" = "WinOff2EX"
    • "Shutdown" = "WinOff2EX"
    • "Asynchronous" = 1
    • "Impersonate" = 1

Other information

The trojan loads and injects the mdhcp32.dll library into the following processes:

  • %malwarefilepath%
