Troj/Jupdrop-A is a dropper Trojan for the Windows platform.
Troj/Jupdrop-A may drop the empty file werdsf to the Windows system folder.
Troj/Jupdrop-A may drop the files mspostsp.exe and msupdate32.dll to the Windows system or local application data folder. The file mspostsp.exe is detected as Troj/Jupdrop-A and the file msupdate32.dll is usually detected as a member of the Troj/Jupdow family.
If the files are dropped to the Windows system folder, the following registry entries are created to run code exported by msupdate32.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate
DllName
msupdate32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate
Startup
WinlogonStartupEvent
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate
Impersonate
0
If the files are dropped to the local application data folder, the following registry entry is created to run mspostsp.exe on startup:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe "<local application data>\mspostsp.exe"
Troj/Jupdrop-A then runs mspostsp.exe, which injects msupdate32.dll into the process explorer.exe.
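The two startup methods listed above can be checked for in a registry export. The following is an added example, not part of the original description: it assumes the input is the text of a `.reg` export, and the function names and the sample user path are constructed for illustration.

```python
import re

# Constructed sample in .reg export text form; the user profile path is made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate]
"DllName"="msupdate32.dll"
"Startup"="WinlogonStartupEvent"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe \"C:\\Users\\test\\AppData\\Local\\mspostsp.exe\""
'''

WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
# "name"="data" lines; backslash-escaped characters are allowed inside either part.
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := STRING_VALUE.match(line)):
            # Undo .reg escaping (\\ -> \ and \" -> ").
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = data
    return keys

def find_jupdrop_persistence(text):
    """List (key, value name, data) for the two startup methods described above."""
    hits = []
    for key, values in parse_reg(text).items():
        hive, _, path = key.partition("\\")
        dll = values.get("dllname", "")
        shell = values.get("shell", "")
        # System-folder case: Winlogon Notify subkey loading msupdate32.dll.
        if (hive == "hkey_local_machine" and path.startswith(WINLOGON + "\\notify\\")
                and dll.lower().endswith("msupdate32.dll")):
            hits.append((key, "DllName", dll))
        # Local-application-data case: per-user Shell value launching mspostsp.exe.
        if (hive == "hkey_current_user" and path == WINLOGON
                and "mspostsp.exe" in shell.lower()):
            hits.append((key, "Shell", shell))
    return hits
```

Files written by `reg export` are normally UTF-16 encoded, so decode them before passing the text to `find_jupdrop_persistence`.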