Win32/Bruter [Threat Name]

Win32/Bruter.C [Threat Variant Name]

Category: trojan
Size: 45056 B
Detection created: Nov 18, 2014
Detection database version: 10740
Aliases: TR/Bruter.45056 (Avira), Atros.ZXS (AVG)

Short description

The trojan is designed to generate specific requests for remote machines. The trojan can be used when performing DoS/DDoS attacks.

Installation

When executed, the trojan copies itself into the following location:

  • %temp%\system\svchost.exe

The trojan registers itself as a system service using the following name:

  • naprsrv

This causes the trojan to be executed on every system start.


The trojan may create the following files:

  • %temp%\system\wmplog09c.sqm
  • %temp%\system\wmplog21t.sqm
  • %temp%\system\wmplog15r.sqm

The trojan is probably a part of other malware.
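
A host triage check built from the installation indicators listed above, as an added example that is not part of the original description. The function names and the sample inventory are constructed, and the rule that a genuine svchost.exe only starts from System32 or SysWOW64 is an assumption that generalizes the page's single path.

```python
import re
from ntpath import basename, normpath

# Indicators taken from the description above.
SERVICE_NAME = "naprsrv"
LOG_FILES = {"wmplog09c.sqm", "wmplog21t.sqm", "wmplog15r.sqm"}
DROP_DIR = re.compile(r"(\\temp|%temp%)\\system\\", re.I)  # %temp%\system\
# Assumption: a genuine svchost.exe is only started from these directories.
LEGIT_SVCHOST = re.compile(
    r"^(%systemroot%|%windir%|[a-z]:\\windows)\\(system32|syswow64)\\svchost\.exe$", re.I)

def image_path(command_line):
    """Extract the executable path from a service ImagePath value."""
    cmd = command_line.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        path = cmd[1:].split('"', 1)[0]
    else:                                        # unquoted: cut after first ".exe"
        m = re.match(r"(.+?\.exe)(\s|$)", cmd, re.I)
        path = m.group(1) if m else cmd
    return normpath(path)

def triage(services, files):
    """Return (kind, detail) findings for (name, ImagePath) pairs and file paths."""
    findings = []
    for name, cmd in services:
        path = image_path(cmd)
        if name.lower() == SERVICE_NAME:
            findings.append(("service-name", name))
        if basename(path).lower() == "svchost.exe" and not LEGIT_SVCHOST.match(path):
            findings.append(("svchost-outside-system32", path))
    for f in files:
        p = normpath(f)
        if DROP_DIR.search(p) and basename(p).lower() in LOG_FILES:
            findings.append(("dropped-file", p))
    return findings

# Constructed inventory for illustration; not taken from a real host.
SAMPLE_SERVICES = [
    ("Dhcp", r"%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted"),
    ("Schedule", r"C:\Windows\system32\svchost.exe -k netsvcs"),
    ("naprsrv", r'"C:\Users\alice\AppData\Local\Temp\system\svchost.exe" placeholder-args'),
]
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Local\Temp\system\wmplog15r.sqm",
    r"C:\Users\alice\AppData\Local\Temp\setup.log",
    r"C:\Data\wmplog15r.sqm",
]

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_SERVICES, SAMPLE_FILES):
        print(kind, detail)
```
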

Other information

The trojan connects to various remote machines.


The malware configuration is passed as command line parameters when the malware executable is launched.


It tries to connect to remote machines on the following ports:

  • 123 (NTP MON_GETLIST)

The following information is collected:

  • information sent by remote machine (on request)

The collected information is stored in the following file:

  • wmplog15r.sqm

The trojan attempts to send gathered information to a remote machine.


Network communication with the remote computer/server is encrypted and uses the TCP protocol.


The trojan can be used when performing DoS/DDoS attacks.
