TROJ_DLOADR.PHK
a variant of Win32/Kryptik.AOJG trojan (NOD32), Gen:Variant.Kazy.99624 (Bitdefender)
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.
TECHNICAL DETAILS
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Download Routine
This Trojan connects to the following website(s) to download and execute a malicious file:
- http://{BLOCKED}eh.ru/avalon3.exe
It saves the files it downloads using the following names:
- %Temp%\temp73.exe
(Note: %Temp% is the Windows Temporary folder, which is usually C:\Windows\Temp or C:\WINNT\Temp.)
It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.