Drops Other Malware
Upon execution, TrojanDropper:Win32/Ilomo drops other malware into the user's Application Data folder using one of the following file names:
Note that these file names are similar to the file names used by legitimate system processes (such as 'lsass.exe', 'svchost.exe', and 'services.exe').
It also modifies the system registry so that its dropped malware automatically runs every time Windows starts:
Adds value: "<value>"
With data: "%AppData%\<malware name>"
To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
where <malware name> is one of the above possible file names and <value> is one of the following:
Analysis by Matt McCormack
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).
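The persistence described above (a Run value under HKCU whose data points to a file in %AppData% named like a system process) can be checked for directly. The following is an added example, not part of the original analysis: the sample Run entries, the user path, the function names and the 0.8 similarity threshold are all constructed assumptions, and the sample file names are not the names this threat uses.

```python
import difflib
import ntpath
import re

# System process names the write-up says the dropped files imitate.
SYSTEM_NAMES = ("lsass.exe", "svchost.exe", "services.exe")

def imitated_name(basename, threshold=0.8):
    """Return the system process name that basename resembles, or None.
    The 0.8 similarity threshold is an assumption chosen for this example."""
    scored = [(difflib.SequenceMatcher(None, basename.lower(), n).ratio(), n)
              for n in SYSTEM_NAMES]
    ratio, name = max(scored)
    return name if ratio >= threshold else None

def program_path(data, appdata):
    """Pull the executable path out of Run-value data and expand %AppData%."""
    data = data.strip()
    if data.startswith('"'):                      # quoted path, maybe with arguments
        path = data[1:].split('"', 1)[0]
    else:                                         # unquoted: cut after the first ".exe"
        end = data.lower().find(".exe")
        path = data[:end + 4] if end != -1 else data
    path = re.sub(r"%appdata%", lambda m: appdata, path, flags=re.IGNORECASE)
    return ntpath.normpath(path)

def suspicious_run_values(run_values, appdata):
    """Flag Run values whose program sits under appdata and is named like a
    system process (the genuine files are in %SystemRoot%\\System32)."""
    root = ntpath.normcase(ntpath.normpath(appdata)) + "\\"
    hits = []
    for value, data in sorted(run_values.items()):
        path = program_path(data, appdata)
        legit = imitated_name(ntpath.basename(path))
        if legit and ntpath.normcase(path).startswith(root):
            hits.append((value, path, legit))
    return hits

# Constructed sample of HKCU\...\CurrentVersion\Run contents (not from the page).
SAMPLE_APPDATA = r"C:\Users\alice\AppData\Roaming"
SAMPLE_RUN = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "updater": r"%AppData%\svch0st.exe",
    "helper": r'"%APPDATA%\lsass.exe" -q',
    "Notes": r"%AppData%\Notes\notes.exe",
}

if __name__ == "__main__":
    for value, path, legit in suspicious_run_values(SAMPLE_RUN, SAMPLE_APPDATA):
        print(f"{value}: {path} imitates {legit}")
```

On a live Windows host the `run_values` mapping can be filled from the HKCU Run key with Python's `winreg` module.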