Selected viruses, spyware, and other threats: sorted alphabetically
Short descriptionThe trojan tries to download several files from the Internet. The files are then executed.
InstallationWhen executed, the trojan copies itself into the following location:
In order to be executed on every system start, the trojan sets the following Registry entry:
"%username%" = "%userprofile%\%username%.exe /i"
Other informationThe trojan contains a list of (8) URLs. It tries to download several files from the addresses. The HTTP protocol is used.
These are stored in the following locations:
A string with variable content is used instead of %variable% .
The downloaded files contain encrypted executables. After decryption, the trojan runs these files.
The trojan creates and runs a new thread with its own program code within the following processes:
The trojan launches the following processes:
The performed command creates an exception in the Windows Firewall.
- netsh firewall set allowedprogram "%userprofile%\%username%.exe"