A Trojan that serves the purpose of injecting a backdoor's core module into svchost.exe.
The Trojan gets installed on the system at the following path:
- C:\WINDOWS\system32\tpframe.exe
It communicates with the following servers:
- creatfile.*****.net
- creatnimei.******-wiki.com
- atoi.******.net
The Trojan sends computer-related information to command and control servers; at that, the data is titled as follows:
<html><title>12356</title><body>