Win32/Tofsee [Threat Name] go to Threat

Win32/Tofsee.AV [Threat Variant Name]

Category trojan
Size 99840 B
Detection created Feb 12, 2013
Detection database version 8000
Aliases Trojan-Dropper.Win32.Dorifel.aace (Kaspersky)
  RDN/Downloader.a!cc.trojan (McAfee)
  TrojanDownloader:Win32/Tofsee.gen!A (Microsoft)
Short description

Win32/Tofsee.AV is a trojan which tries to download other malware from the Internet. The file is run-time compressed using UPX .

Installation

The trojan does not create any copies of itself.


The trojan terminates its execution if it detects that it's running in a specific virtual environment.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of (3) URLs. The HTTP protocol is used.


The trojan tries to download several files from the Internet.


These are stored in the following locations:

  • %currentfolder%\­%malwarefilename%.jpg
  • %profile%\­%variable1%.exe

The files are then executed.


The trojan creates the following file:

  • %temp%\­%variable2%.bat

A string with variable content is used instead of %variable1-2% .


The trojan removes itself from the computer.

Please enable Javascript to ensure correct displaying of this content and refresh this page.