Win32/SpamTool.Tedroo [Threat Name]

Win32/SpamTool.Tedroo.AZ [Threat Variant Name]

Category trojan
Size 189440 B
Detection created Mar 11, 2013
Detection database version 9018
Aliases Trojan.Win32.Inject.fmmx (Kaspersky)
  Trojan.Asprox (Symantec)
Short description

Win32/SpamTool.Tedroo.AZ is a trojan that is used for spam distribution. The file is run-time compressed using UPX.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "MSNetDDNowiz" = "%malwarefilepath%"
Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of 5 URLs. The HTTP and SMTP protocols are used.


The trojan checks for Internet connectivity by trying to connect to the following servers:

  • aol.com:25
  • google.com:25
  • hotmail.com:25
  • mail.com:25
  • yahoo.com:25

The trojan keeps various information in the following Registry key:

  • [HKEY_CURRENT_USER\Software\LERTDMon\ZkeyDAlt]
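
The indicators above can be checked together on an endpoint's exported registry and on outbound connection logs. The following is an added example, not part of the original description or any vendor tooling; the log line format, the `window_s` threshold, the function names and all sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Indicators copied from the description above.
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "MSNetDDNowiz"
DATA_KEY = r"HKEY_CURRENT_USER\Software\LERTDMon\ZkeyDAlt"
PROBE_HOSTS = {"aol.com", "google.com", "hotmail.com", "mail.com", "yahoo.com"}

def registry_hits(reg_text):
    """Scan decoded `reg export` text and return the indicators found in it."""
    hits, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            key = section.group(1).lower()
            if key == DATA_KEY.lower() or key.startswith(DATA_KEY.lower() + "\\"):
                hits.append(("data_key", section.group(1)))
            continue
        value = re.match(r'"([^"]+)"=(.*)', line)
        if value and key == RUN_KEY.lower() and value.group(1).lower() == RUN_VALUE.lower():
            hits.append(("run_value", value.group(2).strip('"')))
    return hits

def smtp_probe_sources(conn_lines, window_s=300):
    """Return sources that reached all five probe hosts on TCP/25 within
    window_s seconds. Lines: 'epoch,src,dst_host,dst_port', oldest first."""
    seen, flagged = defaultdict(dict), set()
    for line in conn_lines:
        ts, src, dst, port = line.strip().split(",")
        if port != "25" or dst.lower() not in PROBE_HOSTS:
            continue
        seen[src][dst.lower()] = int(ts)
        recent = {h for h, t in seen[src].items() if int(ts) - t <= window_s}
        if recent == PROBE_HOSTS:
            flagged.add(src)
    return sorted(flagged)

# Constructed sample data (not taken from a real infection).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSNetDDNowiz"="C:\\Users\\test\\sample.exe"

[HKEY_CURRENT_USER\Software\LERTDMon\ZkeyDAlt]
'''
SAMPLE_CONNS = [f"{1000 + i},ws-01,{h},25" for i, h in enumerate(sorted(PROBE_HOSTS))]
SAMPLE_CONNS += ["1000,mx-01,google.com,25", "1900,mx-01,yahoo.com,25"]
```

A workstation that contacts all five hosts on port 25 in a short burst is unusual for a non-mail system, so the connection check is useful even when the registry values have been renamed in another variant.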
