Class | Trojan-Downloader |
Platform | Win32 |
Description |
Technical Details

This Trojan downloads files via the Internet without the user’s knowledge or consent. It is a Windows PE EXE file. It is written in Borland C++. It has the following components:

Payload

The Trojan program (X.EXE) attempts to establish a TCP connection to 116.116.199.216:62324 (216.216.216.216:55512). If a connection is not established within 30 seconds, the Trojan will terminate its process. If a connection is established, the Trojan will create a file called “anyfile.exe” in the current directory, write downloaded data to this file, and then launch the file for execution. The Trojan will then cease running.

The Trojan uses a ZFTP server on port 12345 to download data. When the client component (CLIENT.EXE) is launched, it sends a broadband request to check port 12345. If the address of the computer where the server component (SERVER.EXE) is installed is given as a command line parameter, then a connection will be established to this machine on the designated port. Files will then be downloaded from the server.

Removal instructions
|
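The payload behaviour described above maps onto a per-process correlation over host telemetry: an outbound connection to the listed endpoints (or to port 12345), followed by creation of "anyfile.exe", followed by launch of that file. The sketch below is an added example, not part of the original entry; the event schema, process paths, PIDs and the non-listed addresses are constructed assumptions.

```python
from collections import defaultdict

# Endpoints, port and file name taken from the description above.
ENDPOINTS = {("116.116.199.216", 62324), ("216.216.216.216", 55512)}
ZFTP_PORT = 12345
DROPPED_NAME = "anyfile.exe"

# Constructed sample events in a hypothetical, simplified schema:
# (seconds, kind, pid, image, detail)
SAMPLE_EVENTS = [
    (0, "net",  410, r"C:\Users\a\x.exe", ("116.116.199.216", 62324)),
    (3, "file", 410, r"C:\Users\a\x.exe", r"C:\Users\a\anyfile.exe"),
    (4, "proc", 410, r"C:\Users\a\x.exe", r"C:\Users\a\anyfile.exe"),
    (5, "net",  733, r"C:\Program Files\app\updater.exe", ("203.0.113.7", 443)),
    (6, "file", 733, r"C:\Program Files\app\updater.exe", r"C:\Temp\setup.exe"),
    (9, "net",  902, r"C:\Tools\client.exe", ("192.0.2.10", 12345)),
]

def basename(path):
    """Lower-cased final component of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def stage_of(kind, detail):
    """Map one event to a stage of the described chain, or None."""
    if kind == "net" and (tuple(detail) in ENDPOINTS or detail[1] == ZFTP_PORT):
        return "connect"
    if kind == "file" and basename(detail) == DROPPED_NAME:
        return "drop"
    if kind == "proc" and basename(detail) == DROPPED_NAME:
        return "launch"
    return None

def detect(events):
    """Return {pid: verdict} for processes matching the described behaviour."""
    stages = defaultdict(list)  # pid -> stages in order of first occurrence
    for _, kind, pid, _, detail in sorted(events, key=lambda e: e[0]):
        stage = stage_of(kind, detail)
        if stage and stage not in stages[pid]:
            stages[pid].append(stage)
    verdicts = {}
    for pid, seen in stages.items():
        if seen == ["connect", "drop", "launch"]:
            verdicts[pid] = "download-and-execute chain"
        elif "connect" in seen:
            verdicts[pid] = "network indicator only"
    return verdicts
```

The full ordered chain is reported separately from a lone network match, since a connection to port 12345 by itself is a much weaker signal than the connect, drop and launch sequence in one process.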