Win32/TrojanDownloader.Rochap [Threat Name]

Win32/TrojanDownloader.Rochap.A [Threat Variant Name]

Category: trojan
Detection created: Sep 07, 2009
Detection database version: 4404
Aliases:
  Trojan-Downloader.Win32.Agent.bhfj (Kaspersky)
  Generic.dx (McAfee)
  Infostealer.Bancos (Symantec)

Short description

Win32/TrojanDownloader.Rochap.A is a trojan which tries to download other malware from the Internet.

Installation

When executed, the trojan creates the following files:

  • %system%\fwd7.dll (18432 B)
  • %system%\comprovanteEmail.html (13480 B)

The trojan executes the following command:

  • %system%\rundll32.exe %system%\fwd7.dll Test

Other information

The trojan runs the default Internet browser.

The following file is opened in the browser:

  • %system%\comprovanteEmail.html

The trojan contains a URL. It tries to download a file from that address using the HTTP protocol.

The file is then saved as "%system%\drivers\etc\filetoleliz.exe" and executed.
