TROJ_DLOAD.SW
Windows 2000, Windows XP, Windows Server 2003
![](/vinfo/imgFiles/legend.jpg)
Threat Type: Spyware
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It executes downloaded files whose malicious routines are exhibited by the affected system.
TECHNICAL DETAILS
94,208 bytes
EXE
No
05 May 2011
Downloads files, Connects to URLs/Ips
Arrival Details
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Download Routine
This spyware accesses the following websites to download files:
- %User Temp%\bdel
- %User Temp%\dll64ocx
- %User Temp%\tempox
- %User Temp%\win32com
(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.)
It executes downloaded files :
- %User Temp%\est.exe
- %User Temp%\hiphelp.exe
(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.)
whose malicious routines are exhibited by the affected system.Other Details
This spyware connects to the following possibly malicious URL:
- http://{BLOCKED}omautocenter.com.br/galeria/admin/archivo.html