Win32/TrojanDownloader.Swizzor [Threat Name]

Win32/TrojanDownloader.Swizzor.AG [Threat Variant Name]

Category trojan
Size 7400 B
Detection created May 21, 2004
Detection database version 769
Aliases Trojan-Downloader.Win32.Swizzor.ag (Kaspersky)
  Adware.Lop (Symantec)
  Swizzor (McAfee)
Short description

Win32/TrojanDownloader.Swizzor.AG is a trojan that tries to download other malware from the Internet. The file is run-time compressed using UPC.

Installation

The trojan does not create any copies of itself.


The trojan may display the following message:

Other information

The trojan connects to the following addresses:

  • http://%randomstr%.bins.lop.com/bins/[%removed%]

%randomstr% represents random text.


It tries to download several files from the addresses.


These are stored in the following locations:

  • %temp%\Rem%variable%.TMP

A string with variable content is used instead of %variable%.


The trojan creates copies of the following files (source, destination):

  • %temp%\Rem%variable%.TMP, %temp%\Rem%variable%.TMP.exe

The trojan executes the following command:

  • %temp%\Rem%variable%.TMP.exe -Curl a9e72fc9 -MpX70000011
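The indicators above (download address, dropped file, launch command) can be matched in proxy and endpoint logs. The following is an added example, not part of the original description: the log line format, the sample lines, the `Temp` directory name and the character classes standing in for %randomstr% and %variable% are assumptions.

```python
import re

# Patterns derived from the addresses, file locations and command listed above.
# The page does not say what %randomstr% or %variable% may contain, so the
# character classes used for them here are assumptions.
URL_RE = re.compile(r'http://[^/\s]+\.bins\.lop\.com/bins/', re.I)
DROP_RE = re.compile(r'\\Temp\\Rem[^\\\s]*\.TMP(?:\.exe)?(?=[\s"]|$)', re.I)
CMD_RE = re.compile(r'\\Rem[^\\\s]*\.TMP\.exe"?\s+-Curl\s+\S+\s+-MpX\S+', re.I)

def classify(line):
    """Return the sorted names of the indicators found in one log line."""
    hits = set()
    if URL_RE.search(line):
        hits.add("download_url")
    if DROP_RE.search(line):
        hits.add("dropped_file")
    if CMD_RE.search(line):
        hits.add("launch_cmdline")
    return sorted(hits)

def scan(lines):
    """Return (line number, indicators) for every line with at least one hit."""
    results = []
    for number, line in enumerate(lines, 1):
        hits = classify(line)
        if hits:
            results.append((number, hits))
    return results

# Constructed sample log lines (not real telemetry); the last two are benign
# look-alikes that must not match.
SAMPLE = [
    r"GET http://qwxzr.bins.lop.com/bins/PLACEHOLDER 200",
    r"FileCreate C:\DOCUME~1\user\LOCALS~1\Temp\Rem3F.TMP",
    r"ProcessCreate C:\DOCUME~1\user\LOCALS~1\Temp\Rem3F.TMP.exe -Curl a9e72fc9 -MpX70000011",
    r"GET http://bins.lop.com.example.net/bins/x 200",
    r"ProcessCreate C:\WINDOWS\system32\notepad.exe C:\Temp\Remarks.txt",
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE):
        print(number, ", ".join(hits))
```

A file name such as `Remote.tmp` in a temporary directory also matches the dropped-file pattern, so that indicator is best correlated with the command-line or URL hit before raising an alert.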
