Win32/TrojanDownloader.Small.POU [Threat Name]

Win32/TrojanDownloader.Small.POU [Threat Variant Name]

Category: trojan
Detection created: Feb 22, 2013
Detection database version: 10633
Aliases: Trojan.Win32.Scar.hivv (Kaspersky), Downloader (Symantec)

Short description

Win32/TrojanDownloader.Small.POU is a trojan which tries to download other malware from the Internet.

Installation

When executed, the trojan copies itself into the following location:

  • %commonmusic%\AcroRd32Info.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "ShStatEXE" = "%commonmusic%\AcroRd32Info.exe"

Other information

The trojan contains a list of 2 URLs and tries to download a file from those addresses.


The file is stored in the following locations:

  • %temp%\tmp%variable%.dat
  • %temp%\tmp%variable%.exe

The file is then decrypted and executed. The trojan communicates over HTTP.


The %variable% represents a random number.
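
The indicators above can be turned into a simple triage check over endpoint telemetry. The following is an added example, not part of the original description or any vendor tooling: the event schema, the sample records and the expansion of %commonmusic% to a shared Music folder are assumptions.

```python
import re

# Indicators from the description above; all matching is case-insensitive.
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
RUN_VALUE = "shstatexe"
DROPPED = "\\acrord32info.exe"
TEMP_FILE = re.compile(r"\\temp\\tmp\d+\.(dat|exe)$", re.I)  # tmp<random number>
# Assumption: %commonmusic% expands to a shared Music folder such as
# C:\Users\Public\Music; the page does not give the expanded path.
MUSIC_DIR = re.compile(r"\\(my )?music\\[^\\]+$", re.I)

def match_event(ev):
    """Return (severity, reason) for one telemetry record, or None."""
    kind = ev["type"]
    path = ev.get("path", "").lower()
    if kind == "registry_set":
        if not ev["key"].lower().rstrip("\\").endswith(RUN_KEY):
            return None
        name_hit = ev["value_name"].lower() == RUN_VALUE
        data_hit = ev["data"].lower().strip('"').endswith(DROPPED)
        if name_hit and data_hit:
            return ("high", "Run value ShStatEXE starts AcroRd32Info.exe")
        if name_hit or data_hit:
            return ("medium", "Run entry matches one of the two indicators")
    elif path.endswith(DROPPED) and MUSIC_DIR.search(path):
        return ("high", "AcroRd32Info.exe in a Music folder")
    elif TEMP_FILE.search(path):
        if kind == "process_create":
            return ("high", "tmp<number> file executed from Temp")
        return ("low", "tmp<number> file written to Temp; weak on its own")
    return None

def triage(events):
    """Return [(index, severity, reason)] for every matching record."""
    hits = [(i, match_event(ev)) for i, ev in enumerate(events)]
    return [(i, *m) for i, m in hits if m]

# Constructed sample records (hypothetical schema, not real telemetry).
SAMPLE = [
    {"type": "file_create", "path": r"C:\Users\Public\Music\AcroRd32Info.exe"},
    {"type": "registry_set", "key": r"HKU\S-1-5-21-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "ShStatEXE", "data": r"C:\Users\Public\Music\AcroRd32Info.exe"},
    {"type": "file_create", "path": r"C:\Users\a\AppData\Local\Temp\tmp48213.dat"},
    {"type": "process_create", "path": r"C:\Users\a\AppData\Local\Temp\tmp48213.exe"},
    {"type": "file_create", "path": r"C:\Program Files\Adobe\Reader\AcroRd32Info.exe"},
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

The last sample record shows why the file name is only matched together with its folder: the same name outside a Music folder is not flagged.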
