Friday, February 24, 2012

TrojanDownloader:Win32/Zamelcat.A


Encyclopedia entry
Updated: Jan 25, 2012  |  Published: Jan 25, 2012

Aliases
  • Trojan.ADH.2 (Symantec)

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.121.175.0
Released: Feb 22, 2012
Detection initially created:
Definition: 1.119.260.0
Released: Jan 20, 2012


 

Summary

TrojanDownloader:Win32/Zamelcat.A is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer.


 

Symptoms

System changes
The following system changes may indicate the presence of this malware:
  • The presence of the following files:
      • c:\documents and settings\administrator\local settings\temp\xww.exe



 

Technical Information (Analysis)

Installation
TrojanDownloader:Win32/Zamelcat.A creates the following files on an affected computer:

  • c:\documents and settings\administrator\local settings\temp\xww.exe

Payload

Contacts remote host
TrojanDownloader:Win32/Zamelcat.A may contact a remote host at 50.28.12.100 using port 80. Commonly, malware may contact a remote host for the following purposes:
  • To report a new infection to its author
  • To receive configuration or other data
  • To download and execute arbitrary files (including updates or additional malware)
  • To receive instruction from a remote attacker
  • To upload data taken from the affected computer

This malware description was produced and published using our automated analysis system's examination of file SHA1 94c02e4cab4e362573adf3c574ad68757073658f.
