Win32/Gootkit.B is a trojan that installs malware. The file is run-time compressed using UPX.
When executed, the trojan creates the following files:
- %system%\qqqqqqqq.vmx (224214 B, Win32/Conficker.AW)
The trojan creates and runs a new thread with its own program code within the following processes:
The trojan contains a list of 2 URLs. It tries to download several files from these addresses over HTTP.
These are stored in the following locations:
The files are then executed.