Win32/Spy.Odlanor [Threat Name] go to Threat
Win32/Spy.Odlanor.A [Threat Variant Name]
|Detection created||Apr 19, 2015|
|Signature database version||11499|
Win32/Spy.Odlanor.A is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.
The trojan does not create any copies of itself.
In order to be executed on every system start, the trojan sets the following Registry entry:
- "pkrw" = "%malwarefilepath%"
The trojan collects the following information:
- computer name
- user name
- operating system version
The trojan attempts to send gathered information to a remote machine.
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a URL address. The HTTP protocol is used in the communication.
It can execute the following operations:
- download files from a remote computer and/or the Internet
- run executable files
- capture screenshots
- update itself to a newer version
- uninstall itself
- send gathered information