Troj/QakBot-H is a Trojan for the Windows platform.
Troj/QakBot-H includes functionality to:
- run automatically
- copy itself to the <System> folder
- create files in the <System> folder
When Troj/QakBot-H is installed it creates the file <System>\sdra64.exe.
The following registry entry is changed to run sdra64.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<System>\userinit.exe,<System>\sdra64.exe,