Win32/TrojanDownloader.Tiny.NMK [Threat Name] go to Threat

Win32/TrojanDownloader.Tiny.NMK [Threat Variant Name]

Category trojan
Size 7168 B
Detection created Oct 28, 2015
Detection database version 12481
Aliases Trojan-Downloader.Win32.Agent.hghe (Kaspersky)
  Downloader (Symantec)
  Trojan.DownLoader17.37896 (Dr.Web)
Short description

Win32/TrojanDownloader.Tiny.NMK is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.


In order to be executed on every system start, the trojan sets the following Registry entries:

  • [HKEY_CURRENT_USER\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "FlashWin" = "%malwarefilepath%"

It creates other Registry entries:

  • [HKEY_CURRENT_USER\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­WinAdobe]
Other information

The trojan contains a list of (3) URLs.


It tries to download several files from the addresses.


The files are stored in the following locations:

  • %appdata%\­%variable%.exe

The files are then executed. The HTTP protocol is used in the communication.


A string with variable content is used instead of %variable% .

Please enable Javascript to ensure correct displaying of this content and refresh this page.