imm32.dll, its unforeseeable evolution (2)

1. Introduction

We have already posted about malicious files that patch imm32.dll.
We are posting again because we have found another sample of this type, one that additionally creates a malicious svchost.exe.
Since this malware can leak personal information, users should take particular care with files downloaded from the Internet and executed.

2. Spreading path and symptoms of infection

The sample found this time has new features: in addition to the usual imm32.dll patch, it creates a second malicious file named svchost.exe in the Windows system folder and runs from there.
Once injected into certain online game clients, messengers and Internet Explorer, it tries to sniff login credentials and send them to an external site.

As described in the earlier post, this malware is currently delivered as a download from compromised web pages or through vulnerabilities in certain web browsers.

The following figure shows one of the distributed malicious files.

When the downloaded lala.exe is executed, it creates a malicious svchost.exe in the Windows system folder. The generated svchost.exe then downloads a .TXT file containing the server path for additional malicious files, and downloads those files from that path.

* Information file listing the malicious-file distribution server

* IP address of the domain distributing the malicious files

The malicious svchost.exe and imm32.dll files are injected into certain processes by the file generated by lala.exe, and they become active once injected into certain online game clients, messengers and Internet Explorer.

Furthermore, the malicious svchost.exe can disable some Korean anti-virus products. The following figure shows the process list.

* Process status before and after infection by the malicious files

When these malicious files are executed, they create additional malicious files and register themselves to run again after a reboot.

[Generated file information]

C:\Documents and Settings\(user account folder)\Local Settings\Temp\(random 6 digits).tmp

* Properties of the normal and malicious imm32.dll files

* Properties of the malicious svchost.exe

[Registry information]

▣ Value name : Rundll32.exe
▣ Value data : "C:\WINDOWS\system\svchost.exe"

* Registered registry information
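The script below is an added triage example written for this post; it is not code from the original article or from INCA Internet, and the post itself contains no code. It checks a Windows host, read-only, for the indicators described above: an svchost.exe outside System32 (the post names C:\WINDOWS\system\svchost.exe), an autorun value that launches it (the post shows the value name "Rundll32.exe" and its data but not the key, so the HKLM/HKCU Run and RunOnce keys are an assumption), an imm32.dll in System32 whose Authenticode signature does not verify, and six-digit .tmp files in the user's %TEMP%. It assumes Windows PowerShell 3.0 or later.

```powershell
# Added triage script for the imm32.dll / svchost.exe family described in this post.
# Not from the original article or INCA Internet; read-only, it changes nothing.
# Assumptions: the "Rundll32.exe" autorun value lives in a Run/RunOnce key (the post
# shows only value name and data), and Windows PowerShell 3.0+ (-File, Get-ChildItem).

$findings = New-Object 'System.Collections.Generic.List[string]'
$system32 = Join-Path $env:SystemRoot 'System32'

# 1. svchost.exe outside System32. The real binary lives in System32 (and SysWOW64 on
#    64-bit systems); the post's sample drops one in %SystemRoot%\system instead.
$candidates = @(
    (Join-Path $env:SystemRoot 'system\svchost.exe'),   # path named in the post
    (Join-Path $env:SystemRoot 'svchost.exe'),
    (Join-Path $env:SystemRoot 'Temp\svchost.exe')
)
foreach ($p in $candidates) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -FilePath $p
        $findings.Add("svchost.exe outside System32: $p (signature: $($sig.Status))")
    }
}

# 2. Autorun values. svchost.exe is normally started by services.exe, never from a Run
#    key, so any reference to it here is suspicious. A value *named* after a system
#    binary (the post shows "Rundll32.exe") is a second red flag.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ... metadata
        $data = [string]$prop.Value
        $nameLooksLikeSystemBinary = $prop.Name -match '^(rundll32|svchost|explorer|lsass|csrss)(\.exe)?$'
        if ($data -match 'svchost\.exe' -or $nameLooksLikeSystemBinary) {
            $findings.Add("Autorun '$key' value '$($prop.Name)' -> $data")
        }
    }
}

# 3. Integrity of the imm32.dll actually loaded by every GUI process.
#    On Windows 8+ / PowerShell 4+ this also honours catalog signatures; on older
#    systems a catalog-signed file may report NotSigned, so confirm with sfc /verifyonly.
$imm32 = Join-Path $system32 'imm32.dll'
if (Test-Path -LiteralPath $imm32 -PathType Leaf) {
    $sig = Get-AuthenticodeSignature -FilePath $imm32
    if ($sig.Status -ne 'Valid') {
        $findings.Add("imm32.dll signature status is '$($sig.Status)' ($imm32)")
    }
}

# 4. Dropper residue: (random 6 digits).tmp in the user's Temp folder, as listed in the post.
Get-ChildItem -Path $env:TEMP -Filter '*.tmp' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName -match '^\d{6}$' -and $_.Length -gt 0 } |
    ForEach-Object { $findings.Add("Six-digit .tmp in TEMP: $($_.FullName) ($($_.Length) bytes)") }

if ($findings.Count -eq 0) {
    'No indicators from this family found.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

Run it from an elevated prompt so the HKLM keys and %SystemRoot% are readable. A hit on check 1 or 2 is strong evidence of this family; a hit on check 3 alone needs confirmation, because the signature status depends on the Windows version (see the comment in the script), and a six-digit .tmp file by itself is only supporting evidence.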

3. How to prevent

To keep your PC safe from security threats like these, we recommend that general users follow the "Security management tips" below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security vendor, keep its engine updated, and keep real-time protection enabled.
3. Do not open or download attachments from suspicious e-mails.

INCA Internet (Security Response Center / Emergency Response Team) provides detection and removal for the malicious files described above and operates a 24-hour response system against various security threats.

