Trojan.Win32.DLOADR.YXCCA

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Detalles de entrada

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Otros detalles

Requiere los componentes adicionales siguientes para ejecutarse correctamente:

• {Malware Folder}\lua5.1.dll
• {Malware Folder}\luacom.dll
• {Malware Folder}\mime.dll
• {Malware Folder}\socket.dll
• {Malware Folder}\sppsvc.exe → LUA Script Interpreter
• {Malware Folder}\lua\ltn12.lua
• {Malware Folder}\lua\mime.lua
• {Malware Folder}\lua\socket.lua
• {Malware Folder}\lua\socket\http.lua
• {Malware Folder}\lua\socket\tp.lua
• {Malware Folder}\lua\socket\url.lua

Hace lo siguiente:

• It connects to the following URL(s) to download a component which it will load in its memory and perform its malicious routine:
  • http://{BLOCKED}.{BLOCKED}.188.96/{Serial Number of Drive C: in Decimal}
• If serial number in decimal is negative it will remove the "-" sign.