Win32/Duuzer [Threat Name] go to Threat

Win32/Duuzer.A [Threat Variant Name]

Category trojan
Size 179200 B
Detection created Oct 26, 2015
Detection database version 12468
Aliases Trojan:Win32/Dynamer!ac (Microsoft)
  TR/Dynamer.ac.5589 (Avira)
Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.

Information stealing

The trojan collects the following information:

  • computer name
  • user name
  • operating system version
  • computer IP address
  • network adapter information
  • CPU information

The trojan attempts to send gathered information to a remote machine.


Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of (3) URLs. The HTTP protocol is used in the communication.


It may perform the following actions:

  • download files from a remote computer and/or the Internet
  • run executable files
  • upload files to a remote computer
  • upload file list
  • execute shell commands
  • various file system operations
  • send the list of running processes to a remote computer
  • terminate running processes
  • remove itself from the infected computer

The trojan may create the following files:

  • %temp%\­MicrosoftLocalTemp\­%variable1%\­%variable1%.dat
  • %temp%\­hfb%variable2%.zip
  • %temp%\­VY%variable3%
  • %malwarefolder%\­%malwarefilename%d.bat
  • %temp%\­MicrosoftLocalTemp\­%variable1%\­temp

A string with variable content is used instead of %variable1-3% .


The trojan quits immediately if any of the following applications is detected:

  • VirtualBox
  • VMware

Please enable Javascript to ensure correct displaying of this content and refresh this page.