Analysis by: Michael Cabel

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It may be injected into processes running in memory.

  TECHNICAL DETAILS

File Size: 209,920 bytes
File Type: EXE
Memory Resident: Yes
Initial Samples Received Date: 09 Dec 2011

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Trojan may be injected into processes running in memory.

Other Details

This Trojan connects to the following URL(s) to get the affected system's IP address:

  • http://www.whatismyip.org