TROJ_RUCKGUV.WUP
TrojanDownloader:Win32/Ruckguv.A (Microsoft); Trojan.Ruckguv.Win32.1 (Zillya); Trojan-Downloader.Win32.Injecter.jnb (Kaspersky)
Windows
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It deletes itself after execution.
TECHNICAL DETAILS
159,336 bytes
EXE
Yes
21 Apr 2015
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan adds the following processes:
- svchost.exe
Other System Modifications
This Trojan adds the following registry entries:
HKEY_CURRENT_USER\Software\Windows\CurrentVersion
path = "{malware path}\{malware name}.exe"
Other Details
This Trojan connects to the following possibly malicious URL:
- {BLOCKED}products.com:443
It deletes itself after execution.