Virus Encyclopedia
Welcome to the Virus Encyclopedia of Panda Security.
Effects
Elenkage.A carries out the following actions:
- The main component has the following icon:

- When it is run, it connects to several FTP servers and downloads several malicious files that belong to the Lineage malware family.
- Meanwhile, in order to distract users, it opens a browser and displays the following website:

- The downloaded files are detected as Lineage.LDY. The objective of this malware is to steal passwords of online games, such as Arcturus, Zodiac Online and Maple Story, among others:

- Then, it sends the information it has obtained via SMTP.
Infection strategy
Elenkage.A creates the following files:
- F3C74E3FA248.EXE and F3C74E3FA248.DLL, in the folder Help of the Windows directory.
- RO.DLL, in the Windows system directory.
Elenkage.A creates the following entries in the Windows Registry:
- HKEY_CLASSES_ROOT\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32
  (Default) = %windir%\HELP\F3C74E3FA248.dll
  where %windir% is the Windows directory.
- HKEY_CLASSES_ROOT\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32
  ThreadingModel = Apartment
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
  {1DBD6574-D6D0-4782-94C3-69619E719765}
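A host check for the files and registry entries listed above, as an added example (not Panda Security's code). It goes slightly beyond the entry by listing every ShellExecuteHooks value together with the DLL its CLSID resolves to; the SysWOW64 and WOW6432Node locations are assumptions for 64-bit hosts.

```powershell
# Indicators copied from the entry above.
$Clsid = '{1DBD6574-D6D0-4782-94C3-69619E719765}'
$Dll   = 'F3C74E3FA248.DLL'
# Paths relative to %windir%. SysWOW64 is an assumption for 64-bit hosts.
$Files = 'Help\F3C74E3FA248.EXE', "Help\$Dll", 'System32\RO.DLL', 'SysWOW64\RO.DLL'

# Native and 32-bit registry views (the WOW6432Node view is also an assumption).
$Views = @(
    @{ Hooks = 'SOFTWARE';             Clsid = 'CLSID' },
    @{ Hooks = 'SOFTWARE\WOW6432Node'; Clsid = 'WOW6432Node\CLSID' }
)

$report = @()

# 1. Dropped files.
foreach ($rel in $Files) {
    $path = Join-Path $env:windir $rel
    if (Test-Path -LiteralPath $path) {
        $f = Get-Item -LiteralPath $path -Force
        $report += [pscustomobject]@{
            Kind = 'File'; Item = $path; Match = $true
            Detail = "$($f.Length) bytes, created $($f.CreationTime)"
        }
    }
}

# 2. Every ShellExecuteHooks value, resolved to the DLL its CLSID loads.
foreach ($v in $Views) {
    $hooks = "Registry::HKEY_LOCAL_MACHINE\$($v.Hooks)\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"
    if (-not (Test-Path -LiteralPath $hooks)) { continue }
    foreach ($name in (Get-Item -LiteralPath $hooks).GetValueNames()) {
        if (-not $name) { continue }   # skip the key's unnamed default value
        $inproc = "Registry::HKEY_CLASSES_ROOT\$($v.Clsid)\$name\InProcServer32"
        $target = $null
        if (Test-Path -LiteralPath $inproc) {
            $target = (Get-Item -LiteralPath $inproc).GetValue('')
        }
        $report += [pscustomobject]@{
            Kind = 'ShellExecuteHook'; Item = "$hooks\$name"
            Match = ($name -eq $Clsid) -or ("$target" -like "*\Help\$Dll")
            Detail = "InProcServer32 = $target"
        }
    }
}

# Rows with Match = True correspond to the indicators in this entry.
$report | Sort-Object Match -Descending | Format-List
```

RO.DLL is matched by name only, so a hit on that file alone should be confirmed against the other indicators.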
Means of transmission
Elenkage.A does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.
Further Details
Elenkage.A is 2,071 bytes in size.