Win32/TrojanDownloader.Small.PSG [Threat Name] go to Threat

Win32/TrojanDownloader.Small.PSG [Threat Variant Name]

Category trojan
Size 10240 B
Detection created Jun 23, 2014
Detection database version 9986
Aliases Trojan.DownLoader9.64424 (Dr.Web)
  Win32/DH{RA8gIyU} (AVG)
Short description

Win32/TrojanDownloader.Small.PSG is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "NerFilterCheck" = %malwarefilepath%

The following Registry entry is set:

  • [HKEY_LOCAL_MACHINE\­SYSTEM\­CurrentControlSet\­Services\­SharedAccess\­Parameters\­FirewallPolicy\­StandardProfile\­AuthorizedApplications\­List]
    • "%malwarefilepath%" = "%malwarefilepath%:*:Enabled:Microsoft Online Update"

The performed data entry creates an exception in the Windows Firewall program.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a URL address. The HTTP protocol is used.


It may perform the following actions:

  • download files from a remote computer and/or the Internet

The file is stored in the following location:

  • %temp%\­Net%variable%.exe

The file is then executed.


A string with variable content is used instead of %variable% .

Please enable Javascript to ensure correct displaying of this content and refresh this page.