Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Threats Trojan-Downloader Win32

Trojan-Downloader.Win32.Small.ccg

Update Date
02/14/2024

Class: Trojan-Downloader

Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs which will run automatically when the operating system boots up. Information about the names and locations of the programs which are downloaded are in the Trojan code, or are downloaded by the Trojan from an Internet resource (usually a web page). This type of malicious program is frequently used in the initial infection of visitors to websites which contain exploits.

Read more

Platform: Win32

Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Family: Trojan.Win32.Small

No family description

Examples

307A4E61436629D06EAB8B4FB99DAD03
0A05AC7CAF21C38CA9396B0439A511E0
C66BF2C14331D39B59DF642267B14B9A
81048C55CB72197890135B61300ACEC0
8B0B0A26FBF4E721B09B0D7250E9341D

Tactics and Techniques: Mitre*

TA0011
Command and Control

Adversaries may dynamically establish connections to command and control infrastructure to evade common detections and remediations. This may be achieved by using malware that shares a common algorithm with the infrastructure the adversary uses to receive the malware’s communications. These calculations can be used to dynamically adjust parameters such as the domain name, IP address, or port number the malware uses for command and control.


T1568
Dynamic Resolution

Adversaries may dynamically establish connections to command and control infrastructure to evade common detections and remediations. This may be achieved by using malware that shares a common algorithm with the infrastructure the adversary uses to receive the malware’s communications. These calculations can be used to dynamically adjust parameters such as the domain name, IP address, or port number the malware uses for command and control.


* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
19 September 2025
Securelist
Threat landscape for industrial automation systems in Q2 2025
16 September 2025
Securelist
RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
15 September 2025
Securelist
Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers
10 September 2025
Securelist
Notes of cyber inspector: three clusters of threat in cyberspace
05 September 2025
Securelist
IT threat evolution in Q2 2025. Mobile statistics
05 September 2025
Securelist
IT threat evolution in Q2 2025. Non-mobile statistics
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Threat
Confirm changes?
Your message has been sent successfully.