Analysis by: Michael Cabel

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be hosted on a website and run when a user accesses that website.

It executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.

  TECHNICAL DETAILS

File Size: 18,210 bytes
File Type: Java Class
Memory Resident: No
Initial Samples Received Date: 09 Sep 2011

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It may be hosted on a website and run when a user accesses that website.

Download Routine

This Trojan saves the files it downloads using the following names:

  • %User Temp%\{Random File Name}.exe

It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.

NOTES:
This Trojan contains a function that attempts to connect to a website to download a possibly malicious file. The URL it connects to for the download depends on the parameter passed to that function.