According to antivirus company BitDefender, this complex Trojan is identified as Trojan.Dropper.UAJ. It tries to evade antivirus detection by not adding itself to the list of programs that run at startup.
The company’s Malware City blog read, “Trojan.Dropper.UAJ comes with its own approach – it patches a vital code library (comres.dll) forcing all applications that rely on comres.dll to execute this particular e-threat, as well.”
BitDefender states that comres.dll is commonly used by most Internet browsers, and also by communication applications and networking tools. That makes the library widely used and very important to the operating system of the computer.
They say that the Trojan duplicates the genuine comres.dll file, patches the copy, and saves it in the Windows directory folder, where the OS looks for dynamic link libraries (DLLs).
Then the Trojan drops a file identified as Backdoor.Zxshell.B, or prfn0305.dat, which contains the function that eventually compromises your operating system.
BitDefender says that the Trojan can run on almost any Windows operating system, in both 32-bit and 64-bit versions.
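The behaviour described above leaves two artifacts a defender can look for: a copy of comres.dll sitting outside the directories where Windows normally keeps it, and a file named prfn0305.dat. The following check is an added example, not BitDefender's tooling; the list of trusted subdirectories (System32, SysWOW64, WinSxS) and the function names are assumptions made for illustration.

```python
import hashlib
import os

# Assumption: genuine copies of comres.dll live only under these
# subdirectories of the Windows directory.
TRUSTED_SUBDIRS = ("system32", "syswow64", "winsxs")
TARGET_DLL = "comres.dll"
DROPPED_FILE = "prfn0305.dat"  # file name given in the report above


def sha256_of(path):
    """Hash a file in chunks; return 'unreadable' if it cannot be opened."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return "unreadable"
    return digest.hexdigest()


def scan_windows_dir(windir):
    """Walk windir and return a list of (reason, path, sha256) findings."""
    findings = []
    windir = os.path.abspath(windir)
    for root, _dirs, files in os.walk(windir):
        # First path component below windir decides whether the location is trusted.
        top = os.path.relpath(root, windir).split(os.sep)[0].lower()
        for name in files:
            path = os.path.join(root, name)
            lowered = name.lower()
            if lowered == TARGET_DLL and top not in TRUSTED_SUBDIRS:
                findings.append(("comres.dll outside trusted directory",
                                 path, sha256_of(path)))
            elif lowered == DROPPED_FILE:
                findings.append(("file name from report", path, sha256_of(path)))
    return findings


if __name__ == "__main__":
    root = os.environ.get("SystemRoot", r"C:\Windows")
    for reason, path, digest in scan_windows_dir(root):
        print(f"{reason}: {path} sha256={digest}")
```

A hit is a lead for triage rather than a verdict; compare the reported hash with a known-good comres.dll from the same Windows build.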