Win32/Trustezeb [Threat Name] go to Threat
Win32/Trustezeb.C [Threat Variant Name]
|Detection created||Jun 08, 2012|
|Signature database version||7206|
Win32/Trustezeb.C is a trojan which tries to download other malware from the Internet. The file is run-time compressed using UPX .
When executed, the trojan copies itself in some of the the following locations:
In order to be executed on every system start, the trojan sets the following Registry entry:
- "%variable4%" = "%malwarefilepath%"
A string with variable content is used instead of %variable1-4% .
The trojan quits immediately if the executable file path contains one of the following strings in its path:
The trojan creates and runs a new thread with its own program code within the following processes:
The trojan displays the following dialog box:
The trojan collects the following information:
- disk serial number (without spaces)
- computer name
The trojan attempts to send gathered information to a remote machine.
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of (5) URLs. The HTTP, HTTPS, FTP protocol is used.
It can execute the following operations:
- update itself to a newer version
- download files from a remote computer and/or the Internet
- run executable files
The trojan may create the following files:
A string with variable content is used instead of %variable5% .
The trojan may attempt to delete all files on the local drives.
The trojan may cause the operating system to crash.