Win32/TrojanDownloader.BrutPOS [Threat Name]

Win32/TrojanDownloader.BrutPOS.A [Threat Variant Name]

Category trojan
Size 8704 B
Detection created Jul 11, 2014
Detection database version 10080

Short description

Win32/TrojanDownloader.BrutPOS.A is a trojan that steals sensitive information. The trojan attempts to send gathered information to a remote machine.

Installation

The trojan may create copies of itself using the following filenames:

  • %windir%\lsass.exe

The trojan registers itself as a system service using the following name:

  • winserv

This causes the trojan to be executed on every system start.

Information stealing

Win32/TrojanDownloader.BrutPOS.A is a trojan that steals sensitive information.


The trojan collects the following information:

  • credit card information

The collected information is stored in the following file:

  • %windir%\winsrv.sys

The trojan attempts to send gathered information to a remote machine. The FTP protocol is used in the communication.
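
A host triage check for the file and service indicators listed under Installation and Information stealing, added here as an example; it is not part of the original description or the vendor's tooling. The function names, the default C:\Windows value, the sample inventory and the "service-image" check (a service whose binary is the %windir% copy) are assumptions of this example.

```python
import ntpath

# Indicators from the description above. WINDIR is an assumed default;
# pass the host's real value when it differs.
WINDIR = r"C:\Windows"
ROOT_FILES = {"lsass.exe", "winsrv.sys"}   # both expected directly in %windir%
SERVICE_NAME = "winserv"

def norm(path, windir=WINDIR):
    """Expand %windir%, lower-case, and collapse separators and '..'."""
    p = path.strip().lower().replace("%windir%", windir.lower())
    return ntpath.normpath(p)

def image_of(cmdline):
    """Extract the executable from a service command line (quoted or not)."""
    c = cmdline.strip()
    if c.startswith('"'):
        return c[1:].split('"', 1)[0]
    head, sep, _ = c.lower().partition(".exe")
    return head + sep

def triage(files, services, windir=WINDIR):
    """files: paths seen on the host; services: (name, command line) pairs.
    Returns sorted (indicator, detail) findings."""
    root = norm(windir)
    found = set()
    for f in files:
        p = norm(f, windir)
        # Match only files directly in %windir%: the genuine lsass.exe
        # lives in %windir%\System32 and must not be flagged.
        if ntpath.dirname(p) == root and ntpath.basename(p) in ROOT_FILES:
            found.add(("file", p))
    for name, cmdline in services:
        if name.lower() == SERVICE_NAME:   # service names are case-insensitive
            found.add(("service-name", name.lower()))
        # Assumption (not stated on the page): the service runs the dropped copy.
        if norm(image_of(cmdline), windir) == ntpath.join(root, "lsass.exe"):
            found.add(("service-image", name.lower()))
    return sorted(found)

# Constructed sample inventory, not taken from a real host.
SAMPLE_FILES = [r"C:\Windows\System32\lsass.exe", r"c:\WINDOWS\LSASS.EXE",
                r"C:/Windows/System32/../lsass.exe", r"%windir%\winsrv.sys",
                r"D:\backup\winsrv.sys"]
SAMPLE_SERVICES = [("WinServ", r'"C:\Windows\lsass.exe" -s'),
                   ("Spooler", r"C:\Windows\System32\spoolsv.exe")]

if __name__ == "__main__":
    for finding in triage(SAMPLE_FILES, SAMPLE_SERVICES):
        print(finding)
```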

Other information

The trojan may attempt to download files from the Internet.


The file is stored in the following location:

  • %currentfolder%\1.exe

The file is then executed.


The trojan contains a URL address. The HTTP protocol is used.


The trojan connects to the following addresses:

  • smtp.gmail.com
