Trojan.Dropper.Oficla.O is another Trojan that spreads through email attachments. A fake MS Word document is usually the entry point it uses to infect a system. It modifies the system registry to ensure that it is executed at every system start-up. The following registry value is set to ensure its execution:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell = Explorer.exe rundll32.exe random_dll random_api
where random_dll and random_api may change with newer versions (e.g. pgsb.lto csxyfxr).
The Trojan creates a DLL (dynamic link library) file in the temp folder to meet its objectives. The Trojan transfers information from the infected systems to a host computer. The droppers are used to create uncertainty amongst users, as they make the Trojan appear to be a legitimate file.
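A defender can check for this persistence by comparing the Winlogon Shell value with its default of explorer.exe. The following is an added example, not part of the original description: the function name is hypothetical, the input is the Shell string as exported from the registry or endpoint telemetry, and all sample values except the one quoted above are constructed.

```python
import re

# Default data of the Winlogon "Shell" value on a clean Windows install.
DEFAULT_SHELL = "explorer.exe"

# rundll32 followed by a library argument and an export name, separated by
# whitespace (as in the value quoted above) or by the usual comma.
# Assumption: unquoted arguments without embedded spaces.
RUNDLL32_RE = re.compile(r"rundll32(?:\.exe)?\s+(\S+?)[\s,]+(\S+)", re.IGNORECASE)


def check_winlogon_shell(value):
    """Return a list of findings for a Winlogon Shell string (empty = default)."""
    findings = []
    normalized = value.strip().strip('"').lower()
    if normalized == DEFAULT_SHELL:
        return findings

    findings.append("Shell differs from the default 'explorer.exe'")
    match = RUNDLL32_RE.search(value)
    if match:
        dll, export = match.group(1), match.group(2)
        findings.append(f"rundll32 started from Shell: dll={dll} export={export}")
        # The page's example library name (pgsb.lto) has no .dll extension.
        if not dll.lower().endswith(".dll"):
            findings.append(f"library argument '{dll}' has no .dll extension")
    return findings


if __name__ == "__main__":
    samples = [
        "explorer.exe",                               # constructed: clean default
        "Explorer.exe rundll32.exe pgsb.lto csxyfxr",  # value quoted on this page
        "explorer.exe rundll32.exe helper.dll,Start",  # constructed: comma form
    ]
    for sample in samples:
        result = check_winlogon_shell(sample)
        print(f"{sample!r}: {'OK' if not result else '; '.join(result)}")
```

A non-default Shell is not always malicious (kiosk systems set a custom shell), so findings are a prompt to inspect the referenced file in the temp folder rather than a verdict.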