Win32/TrojanDownloader.Vespula [Threat Name]

Win32/TrojanDownloader.Vespula.AY [Threat Variant Name]

Category trojan
Size 35192 B
Detection created May 01, 2012
Detection database version 7100
Aliases Trojan.Win32.Inject.fjaq (Kaspersky)
  TrojanDownloader:Win32/Karagany.I (Microsoft)
  Win32:Cutwail-BM (Avast)
Short description

Win32/TrojanDownloader.Vespula.AY is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.


The trojan executes the following files:

  • %malwarefilepath%

The trojan creates and runs a new thread with its own code within these running processes.

Other information

The trojan contains a list of 5 URLs.


It tries to download several files from these addresses.


These are stored in the following locations:

  • %temp%\~!#LD%variable%.tmp

The files are then executed. The HTTP protocol is used.


A string with variable content is used instead of %variable%.


The trojan then removes itself from the computer.


The trojan may execute the following commands:

  • cmd.exe /c ping -n 1 -w 2000 192.168.123.254 > nul & del %malwarefilepath%
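The file naming and the self-removal command described above can be matched in process and file-creation telemetry. The following is an added example, not part of the original description; the event field names (command_line, parent_image, image, file_created) and all sample paths are assumptions constructed for illustration.

```python
import re

# Self-removal command from the description: one ping as a short delay,
# output discarded, then "del" of a file path.
SELF_DELETE = re.compile(
    r"cmd(?:\.exe)?\s+/c\s+ping\s+-n\s+1\s+-w\s+\d+\s+\S+\s*>\s*nul\s*&\s*del\s+(?P<target>.+)$",
    re.IGNORECASE,
)
# Downloaded-file naming from the description: %temp%\~!#LD<variable>.tmp
DROPPED_TMP = re.compile(r"\\~!#LD[^\\]*\.tmp$", re.IGNORECASE)


def classify(event):
    """Return finding labels for one event dict (field names are assumed)."""
    findings = []
    m = SELF_DELETE.search(event.get("command_line", ""))
    if m:
        target = m.group("target").strip().strip('"').lower()
        parent = event.get("parent_image", "").lower()
        # Deleting the image of the process that spawned cmd.exe is the
        # strongest form of the signal; otherwise flag the generic pattern.
        findings.append("parent-self-delete" if target == parent and parent
                        else "ping-delay-delete")
    if DROPPED_TMP.search(event.get("image", "")):
        findings.append("exec-of-dropped-tmp")
    if DROPPED_TMP.search(event.get("file_created", "")):
        findings.append("dropped-tmp-created")
    return findings


# Constructed sample events (not real telemetry).
TEMP = r"C:\Users\user\AppData\Local\Temp"
SAMPLE = r"C:\Users\user\Downloads\sample.exe"
EVENTS = [
    {"parent_image": SAMPLE,
     "command_line": "cmd.exe /c ping -n 1 -w 2000 192.168.123.254 > nul & del " + SAMPLE},
    {"file_created": TEMP + r"\~!#LD1A2B.tmp"},
    {"image": TEMP + r"\~!#LD1A2B.tmp", "command_line": TEMP + r"\~!#LD1A2B.tmp"},
    {"command_line": "cmd.exe /c ping -n 4 192.168.1.1"},
    {"file_created": TEMP + r"\~DF93A1.tmp"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(classify(ev), ev)
```

The last two constructed events are benign look-alikes (an ordinary ping and an unrelated temporary file) and produce no findings.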
