Threat Encyclopedia

Win32/Goriadu.AA

Aliases: Trojan.Win32.Goriadu.hi (Kaspersky), Goriadu trojan (McAfee), Trojan Horse (Symantec)
Type of infiltration: Trojan
Size: 315491 B
Affected platforms: Microsoft Windows
Signature database version: 4857 (20100211)

Short description

Win32/Goriadu.AA is a trojan that tries to download other malware from the Internet. The trojan is probably a part of other malware.

Installation

The trojan does not create any copies of itself.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of 6 URLs. The HTTP protocol is used.

It can execute the following operations:
  • download files from a remote computer and/or the Internet
  • run executable files

The trojan may set the following Registry entries:
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\speednet_sph]
    "%variable1%" = "%systemroot%\system32\mswsock.dll"
    "%variable2%" = "%systemroot%\system32\rsvpsp.dll"
    "PathName" = "%variable3%"

A string with variable content is used instead of %variable1-3%.

The trojan may create the following files:
  • %appdata%\MyIEData\brudo.dat
  • %appdata%\MyIEData\main.ini
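
Because two of the three value names are variable strings, a host check has to match on the key path and on the value data rather than on value names. The sketch below is an added example, not vendor code: it scans `reg export` text and a file listing for the indicators listed above. It assumes backslash path separators and plain string (REG_SZ) values; the function names and the sample export are constructed for illustration.

```python
import re

# Indicators from the entry above (lower-cased; backslash separators assumed).
KEY_SUFFIX = r"\services\winsock2\speednet_sph"
DLL_NAMES = ("mswsock.dll", "rsvpsp.dll")
FILE_SUFFIXES = (r"\myiedata\brudo.dat", r"\myiedata\main.ini")

# Constructed sample of `reg export` output, not captured from a real host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters]
"WinSock_Registry_Version"="2.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\speednet_sph]
"a91f"="C:\\WINDOWS\\system32\\mswsock.dll"
"c07e"="C:\\WINDOWS\\system32\\rsvpsp.dll"
"PathName"="x3k2"
'''

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string values in .reg text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:
                # .reg files escape backslashes and quotes inside strings
                current[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def registry_hits(text):
    """Flag the speednet_sph key; report matching DLL data, ignoring value names."""
    hits = []
    for key, values in parse_reg(text).items():
        if not key.lower().endswith(KEY_SUFFIX):
            continue
        data = [v.lower() for v in values.values()]
        dlls = [d for d in DLL_NAMES if any(x.endswith("\\" + d) for x in data)]
        has_pathname = any(n.lower() == "pathname" for n in values)
        hits.append({"key": key, "dlls": dlls, "has_pathname": has_pathname})
    return hits

def file_hits(paths):
    """Return the paths that end in one of the MyIEData file names listed above."""
    return [p for p in paths if p.lower().replace("/", "\\").endswith(FILE_SUFFIXES)]
```
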