Threat Encyclopaedia

Win32/Wigon.CG

Aliases: Trojan-Downloader.Win32.Mutant.ady (Kaspersky), Trojan Horse (Symantec), Downloader-QM trojan (McAfee)
Type of infiltration: Trojan
Size: 13312 B
Affected platforms: Microsoft Windows
Signature database version: 3180 (20080612)

Short description
The trojan tries to download several files from the Internet. The files are then executed.
Installation
The trojan does not create any copies of itself.

In order to be executed on every system start, the trojan sets the following Registry entry:
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "advap32" = "%filepath% /r"
Other information
The trojan contains a list of 8 URLs. It tries to download several files from these addresses over HTTP.

The files are stored in the current folder. The file names are randomly generated.

The downloaded files contain encrypted executables. After decryption, the trojan runs these files.

The trojan creates and runs a new thread with its own program code within the following processes:
  • %system%\svchost.exe
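
The Run entry listed under Installation can be looked for in the text of an exported registry key. The following is an added example, not part of the original description: the sample export, the file paths in it and the function name are constructed for illustration, and the input is assumed to be already decoded to text.

```python
import re

# Key, value name and argument as given in the Installation section.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
VALUE_NAME = "advap32"
ARG_SUFFIX = " /r"

# Constructed sample of .reg export text (not taken from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"advap32"="C:\\Users\\Public\\example.exe /r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"advap32"="C:\\other.exe /r"
'''

# A string value line in a .reg file: "name"="data", with \ and " escaped by \.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def _unescape(s):
    """Undo the backslash escaping used for .reg string values."""
    return re.sub(r'\\(.)', r'\1', s)

def find_wigon_run_entries(reg_text):
    """Return (value_name, command, has_r_argument) for matching Run values."""
    hits, in_run_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Track which key the following value lines belong to.
            in_run_key = line[1:-1].lower() == RUN_KEY.lower()
            continue
        m = _VALUE_RE.match(line) if in_run_key else None
        if not m:
            continue
        name, data = _unescape(m.group(1)), _unescape(m.group(2))
        if name.lower() == VALUE_NAME:
            hits.append((name, data, data.lower().endswith(ARG_SUFFIX)))
    return hits

if __name__ == "__main__":
    for name, command, has_arg in find_wigon_run_entries(SAMPLE_EXPORT):
        print(f"{name}: {command} (ends with '/r': {has_arg})")
```

The command string in a hit gives the path of the file to collect and scan; the value name alone is not proof of infection.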