Win32/Close2Me [Threat Name] go to Threat

Win32/Close2Me.AB [Threat Variant Name]

Category trojan
Size 38912 B
Detection created Sep 10, 2012
Detection database version 7463
Short description

Win32/Close2Me.AB is a trojan which tries to download other malware from the Internet.

Installation

The trojan is probably a part of other malware.


The trojan does not create any copies of itself.


The trojan quits immediately if it detects a window containing one of the following strings in its title:

  • Termsix32
  • wireshark.exe
  • ollydbg
Information stealing

The trojan collects the following information:

  • operating system version
  • computer name
  • user name
  • computer IP address
  • volume serial number
  • installed antivirus software

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of (2) URLs. The HTTP, UDP, FTP protocol is used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • send files to a remote computer
  • send the list of running processes to a remote computer
  • send gathered information

The trojan may execute the following commands:

  • rundll32 msp32.dll ",MODULEMAINFUNC"

The following files are deleted:

  • %system%\­msiclass.dll
  • %system%\­mtlclass.dll
  • %windir%\­hwuser.dll

Please enable Javascript to ensure correct displaying of this content and refresh this page.