Compound suspicious trojan submission - seemed to bypass SONAR

The sample is said to be a remote control trojan. It seems that "HtkEju.exe" acts as a loader and gets its resources from the fake .jpg file. It then drops "stormtray.exe" and "stormupdate.dll". "stormtray.exe" loads the .dll file and acts as the trojan. (These can be found in File Insight and Performance Monitor.)

However, there is something strange. Although the process "stormtray.exe" can be seen in Task Manager, Performance Monitor and File Insight, it does not appear in Application Ratings.

[Screenshot attachment: 345.PNG]

Because the trojan is "compound", the official suspected-infected-file submission system may not be able to recognize it. I have just uploaded the suspicious file to FileServe.

[Removed link to suspicious file. -Dave]