Troj/Dloader-HF is a downloader Trojan.
Troj/Dloader-HF attempts to copy itself to the Windows system folder with the filename CMD32.EXE and to set the following entry in the registry so as to run itself on system startup, resetting this value periodically:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
ControlPanel =
<Windows system folder>\cmd32.exe internat.dll,LoadKeyboardProfile
Troj/Dloader-HF attempts to download files from the following websites to numbered files with DAT extensions or to the files CC.C or UU.U:
http://dapsol.com
http://www.awmcash.biz
Troj/Dloader-HF then copies the downloaded files to the Windows system folder with the following filenames and executes them:
usxxcxzcb.exe
lpzxczxct.exe
izxczxcr.exe
intrcxzcxzcon.exe
intffdsronsad.exe
intfsdffdsronsad.exe
intronsad.exe