Lumension® Endpoint Intelligence Center


Overview

Threat Risk LOW
Destructivity NONE
Payload May display pop-up advertisements
Detection files published
Description created 30 Oct 2007 07:42:00
Description updated 30 Oct 2007 07:42:00
Malware type TROJAN
Alias
Spreading mechanism NETWORK
Summary None

W32/SkinTrim.A

Spreading

Changes to filesystem:
%Program files%\Mailskinner\Mailskinner.exe
%Program files%\Mailskinner\OESkinner.dll
%Program Files%\Mailskinner\OLSkinner.dll

Network:
Looks for an internet connection
Attempts to download and run file from http://removed>
Attempts to connect to http://removed>

Changes to registry: (These keys can all be deleted)
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MailSkinner"
"HKEY_CURRENT_USER\Software\epk_extr"
"HKEY_CURRENT_USER\Software\exts"
"HKEY_CLASSES_ROOT\CLSID\{180B4EE9-1795-4429-9651-F17A6515726D}"
"HKEY_CLASSES_ROOT\Interface\{0A089E22-5736-4092-B3F8-3F0D5F345482}"
"HKEY_CLASSES_ROOT\OutlookAddin.Addin"
"HKEY_CLASSES_ROOT\OutlookAddin.Addin.1"
"HKEY_CLASSES_ROOT\TypeLib\{5BAD7FAE-81F0-4439-8C1A-3E8907998047}"
"HKEY_LOCAL_MACHINE\SOFTWARE\MailSkinner"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\OutlookAddin.Addin"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MailSkinner.exe"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MailSkinner"

Payload Details

SkinTrim.A may display pop-up advertisements.

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:11