Win32/Locotout [Threat Name]

Win32/Locotout.J [Threat Variant Name]

Category trojan
Size 699508 B
Detection created May 20, 2016
Detection database version 13522
Aliases Trojan:Win32/Locotout.gen!A (Microsoft)
Short description

Win32/Locotout.J is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

When executed, the trojan creates the following files:

  • %windir%\system32\adrem2.exe (69632 B, Win32/Locotout.J)
  • %windir%\system32\ssleay32.dll (200704 B)
  • %windir%\system32\adrem2.exe (69632 B)
  • %windir%\system32\zlib1.dll (73728 B)
  • %windir%\system32\libcurl.dll (176128 B)
  • %windir%\system32\libeay32.dll (1064960 B)

The trojan registers itself as a system service using the following name:

  • AdsRemove

This causes the trojan to be executed on every system start.
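
A host check built from the indicators above, as an added example that is not part of the original description. The file names, sizes and service name are taken from this page; the SysWOW64 lookup (where writes to system32 by a 32-bit process land on 64-bit Windows) and the verdict logic are assumptions of the example.

```powershell
# Added example: look for the Win32/Locotout.J artifacts listed on this page.
# Names, sizes and the service name come from the description; the SysWOW64
# lookup and the verdict rules are assumptions of this example.
$expected = [ordered]@{
    'adrem2.exe'   = 69632
    'ssleay32.dll' = 200704
    'zlib1.dll'    = 73728
    'libcurl.dll'  = 176128
    'libeay32.dll' = 1064960
}
$serviceName = 'AdsRemove'

# Inspect both directories: WOW64 redirects 32-bit writes to SysWOW64.
$dirs = 'System32', 'SysWOW64' |
    ForEach-Object { Join-Path $env:windir $_ } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Container }

$fileHits = foreach ($dir in $dirs) {
    foreach ($name in $expected.Keys) {
        $item = Get-Item -LiteralPath (Join-Path $dir $name) -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{
                Path      = $item.FullName
                Size      = $item.Length
                SizeMatch = ($item.Length -eq $expected[$name])
                SHA256    = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

$service = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'" -ErrorAction SilentlyContinue

# The DLL names belong to widely used libraries (OpenSSL, zlib, libcurl), so they
# are supporting evidence only. The service and adrem2.exe are the primary signals.
$exeHit = $fileHits | Where-Object { $_.Path -like '*\adrem2.exe' }
if ($service -and $exeHit) {
    $verdict = 'Service and adrem2.exe both present'
} elseif ($service -or $exeHit) {
    $verdict = 'One primary indicator present: investigate'
} else {
    $verdict = 'No primary indicator found'
}

$fileHits | Format-Table -AutoSize
if ($service) { $service | Select-Object Name, State, StartMode, PathName | Format-List }
"Verdict: $verdict"
```

A size mismatch on adrem2.exe does not clear the host, since other variants may differ in size; the SHA256 column is there so the file can be submitted for analysis.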

Information stealing

The trojan collects the following information:

  • cookies

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of 2 URLs. The HTTP protocol is used in the communication.


The trojan may execute the following commands:

  • cmd /c net start AdsRemove
