This Trojan may be downloaded by other malware/grayware from remote sites.
File size: 167,936 bytes
File type: EXE
Memory resident: Yes
Initial samples received date: 15 Mar 2012
Payload: Connects to URLs/IPs, Steals information, Downloads files
Arrival Details
This Trojan may be downloaded by the following malware/grayware from remote sites:
Installation
This Trojan adds the following mutexes to ensure that only one of its copies runs at any one time:
NOTES:
This malware may arrive as an EXE or DLL file.
If it is running as an EXE file, it creates a window with the following title:
It gathers the following information from the affected system:
- Serial number of the affected system's hard disk
- Running processes
- Installed software registered under the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall registry key
It then sends the gathered information to the following domains:
- {BLOCKED}kh.com
- {BLOCKED}gu.com
It sends the information by issuing the following HTTP request to the above-mentioned domains:
- http://{domain}/search?fr=altavista&itag=ody&q={parameter}&kgs=1&kls=0&p={parameter}
It may also download other possibly malicious file(s) from the said sites.
As of this writing, there is no reply from the C&C server.
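The request format above can be hunted for in web proxy logs. The following is an added detection example, not part of the original write-up: the log layout (timestamp, client, URL), the placeholder hosts and the order-independent parameter matching are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Fixed query parameters taken from the request format described on this page.
FIXED_PARAMS = {"fr": "altavista", "itag": "ody", "kgs": "1", "kls": "0"}
# Parameters whose values vary per request ({parameter} in the page's template).
VARIABLE_PARAMS = ("q", "p")


def matches_beacon(url: str) -> bool:
    """Return True if url has the /search request shape described above."""
    parts = urlsplit(url)
    # The page documents a plain HTTP request to the /search path.
    if parts.scheme != "http" or parts.path != "/search":
        return False
    query = parse_qs(parts.query, keep_blank_values=True)
    # Every fixed parameter must appear exactly once with the expected value.
    for name, value in FIXED_PARAMS.items():
        if query.get(name) != [value]:
            return False
    # The variable parameters must be present; their content is not inspected.
    return all(name in query for name in VARIABLE_PARAMS)


def flag_log_lines(lines):
    """Yield (client, url) for proxy log lines whose URL matches."""
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        client, url = fields[1], fields[2]
        if matches_beacon(url):
            yield client, url


# Constructed sample log (timestamp client url); hosts are placeholders.
SAMPLE_LOG = [
    "2012-03-15T10:00:01Z 10.0.0.5 http://c2-placeholder.example/search?fr=altavista&itag=ody&q=AAAA&kgs=1&kls=0&p=BBBB",
    "2012-03-15T10:00:02Z 10.0.0.6 http://search.example/search?q=weather&p=1",
    "2012-03-15T10:00:03Z 10.0.0.7 http://c2-placeholder.example/search?p=BBBB&kls=0&kgs=1&q=AAAA&itag=ody&fr=altavista",
    "2012-03-15T10:00:04Z 10.0.0.8 http://search.example/search?fr=altavista&itag=ody&q=x&kgs=1&kls=1&p=y",
]

if __name__ == "__main__":
    for client, url in flag_log_lines(SAMPLE_LOG):
        print(f"{client} -> {url}")
```

Matching on the parameter set rather than on the blocked domain names keeps the check useful if the hosts change, at the cost of needing review for legitimate search traffic that happens to share the same parameters.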