Win32/Gootkit [Threat Name]

Win32/Gootkit.B [Threat Variant Name]

Category: trojan
Size: 349184 B
Detection created: May 12, 2010
Detection database version: 5109
Aliases: Backdoor.Win32.ZZSlash.ddg (Kaspersky)
  W32.Downadup.B (Symantec)
  TrojanDropper:Win32/Otlard.C (Microsoft)

Short description

Win32/Gootkit.B is a trojan that installs Win32/Conficker.AW malware. The file is run-time compressed using UPX.

Installation

When executed, the trojan creates the following files:

  • %system%\qqqqqqqq.vmx (224214 B, Win32/Conficker.AW)

The trojan creates and runs a new thread with its own program code within the following processes:

  • svchost.exe

Other information

The trojan contains a list of 2 URLs. It tries to download several files from these addresses using the HTTP protocol.

The downloaded files are stored in the following locations:

  • %currentfolder%\a.exe
  • %currentfolder%\b.exe

The files are then executed.
