Trojan-Downloader.Win32.Reghight.A
TSL ID: TSL20171106-02
Severity: Moderate
Description

Trojan-Downloader.Win32.Reghight.A is a Trickler that targets the Windows platform. This malware has been observed spreading through a decoy PowerPoint document that may exploit a vulnerability in Microsoft Office. The malware downloads a binary, installs it as a service on the infected system, and starts the service. It also injects itself into a legitimate process to hide its activities.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • B7ADF61502BC1EB8435449CF920E24DE
SHA1:
  • A04421C771057D2A44238B9AAB4B89C7A398955C
Identifiers
McAfee
  • ARTEMIS!B7ADF61502BC
Microsoft Malware Protection Center
Sophos
  • MAL/EMOGEN-Y
Symantec
  • BACKDOOR.GRAYBIRD
TrendMicro
Arcabit
  • TROJAN.GENERIC.D5DEF3C
Avast
  • FILEREPMALWARE
Avira
  • TR/DELF.INJECT.XJUBR
Baidu
  • WIN32.TROJAN.WISDOMEYES.16070401.9500.9935
BitDefender
  • TROJAN.GENERICKD.6156092
DrWeb
  • TROJAN.DOWNLOADER25.51342
ESET-NOD32
  • WIN32/SPY.DELF.QOW
F-Secure
  • ROGUE:W32/FAKEAV.BI
GData
  • WIN32.TROJAN.AGENT.FDDAPK
Jiangmin
  • TROJAN.GENERIC.BNUEH
Qihoo-360
  • WIN32/TROJAN.651
Tencent
  • WIN32.TROJAN.INJECT.AUTO
References
  • https://twitter.com/JAMESWT_MHT/status/926040777364516864
Related Threats