Win32/Pramro [Threat Name]

Win32/Pramro.B [Threat Variant Name]

Category: trojan
Size: 25770 B
Detection created: Aug 13, 2014
Detection database version: 10247
Aliases: Trojan.Pramro (Symantec)

Short description

Win32/Pramro.B is a trojan that is used for spam distribution. The file is run-time compressed using UPX.

Installation

The trojan does not create any copies of itself.


The trojan is probably a part of other malware.

Spam distribution

Win32/Pramro.B is a trojan that is used for spam distribution.


The message depends entirely on data the trojan downloads from the Internet.


The sender's address is spoofed.


Some of the following strings may be used to form the sender address:

  • .fbi
  • abuse
  • admin
  • affiliate@
  • agent@
  • anon
  • autoresponder@
  • avira
  • betting
  • billing@
  • bounce@
  • buyvip
  • card@
  • church
  • complaint
  • contact@
  • customercare@
  • customerservice@
  • customersupport@
  • defender
  • doctorweb
  • dropbox
  • editor@
  • email@
  • fbi.
  • fbi@
  • fraud
  • gift@
  • government@
  • help@
  • hisleter
  • honeypot
  • hostmaster@
  • info@
  • inform@
  • isisjusttestletter
  • junk@
  • justtestl
  • justtestlm
  • kaspersky
  • lawyer
  • letter
  • mailer-daemon@
  • membership@
  • moderator@
  • mybirthdays@
  • news@
  • newsletter@
  • no-mail@
  • no-response
  • notifocation
  • notify@
  • online@
  • operator@
  • passport@
  • password@
  • petitions@
  • playtech@
  • police@
  • postmaster@
  • postoffice@
  • president@
  • remove@
  • reply
  • robot@
  • root@
  • sales@
  • security
  • sendingthisl
  • sendingthism
  • service@
  • soporte@
  • spam
  • s-p-a-m@
  • sportsbooking
  • staff@
  • subscribe@
  • suggestion@
  • supervisor@
  • support@
  • symantec
  • sysadmin@
  • system@
  • team@
  • tech@
  • techsup@
  • techsupport@
  • tech-support@
  • test0
  • test1
  • test2
  • test3
  • test4
  • test5
  • test6
  • test7
  • test8
  • test9
  • toolbar@
  • trap
  • trendmicro
  • uce_trap
  • ucetrap
  • uce-trap
  • unknown@
  • update
  • virus
  • webmaster@
  • webmistress@
  • welcome
  • yahoo@
  • yourname@

The SMTP protocol is used.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan connects to the following addresses:

  • 142.4.2%removed%:4664
