Win32/Trontoz [Threat Name]

Win32/Trontoz.C [Threat Variant Name]

Category trojan
Size 79872 B
Detection created Mar 02, 2015
Detection database version 11257
Short description

Win32/Trontoz.C is a trojan which tries to download other malware from the Internet.

Installation

When executed, the trojan copies itself into the following location:

  • %personal%\micropot\wonzy.exe

The following file is dropped in the same folder:

  • get.bat

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "Windom" = "%personal%\micropot\get.bat"

Information stealing

The trojan collects the following information:

  • volume serial number
  • information about the operating system and system settings

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan contains a URL address.


It tries to download a file from the address.


The file is saved to one of the following folders:

  • %commonappdata%
  • %localappdata%

The following filename is used:

  • %variable%.exe

The file is then executed. The HTTP protocol is used in the communication.


A string with variable content is used instead of %variable%.
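
A host triage check built from the artifacts listed in this description, added here as an example (it is not ESET's code). It assumes %personal% is the current user's Documents folder and that it runs in the session of the user being checked, because the Run entry is under HKEY_CURRENT_USER; the function name Get-TrontozCArtifacts is hypothetical.

```powershell
# Added example. Assumption: %personal% is the current user's Documents folder.
function Get-TrontozCArtifacts {
    $findings = @()

    # 1. Persistence: HKCU Run value "Windom" that points at micropot\get.bat
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'Windom' -ErrorAction SilentlyContinue
    if ($run) {
        # Values may be quoted or contain environment variables; normalise first
        $value = [Environment]::ExpandEnvironmentVariables([string]$run.Windom).Trim('"')
        $findings += [pscustomobject]@{
            Check = 'Run value'; Path = "$runKey\Windom"; Detail = $value
            Match = ($value -like '*\micropot\get.bat')
        }
    }

    # 2. Installed copy and dropped batch file under <Documents>\micropot
    $installDir = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'micropot'
    foreach ($name in 'wonzy.exe', 'get.bat') {
        $file = Join-Path $installDir $name
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $item = Get-Item -LiteralPath $file -Force
            $findings += [pscustomobject]@{
                Check = 'Installed file'; Path = $file
                Detail = "$($item.Length) bytes, created $($item.CreationTimeUtc.ToString('u'))"
                Match = $true
            }
        }
    }

    # 3. Downloaded payload: the file name is variable, so list every .exe sitting
    #    directly in the two folder roots for manual review (Match stays $false)
    foreach ($folder in 'CommonApplicationData', 'LocalApplicationData') {
        $root = [Environment]::GetFolderPath($folder)
        $exes = Get-ChildItem -LiteralPath $root -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue
        foreach ($exe in $exes) {
            $findings += [pscustomobject]@{
                Check = 'Executable in data root'; Path = $exe.FullName
                Detail = "$($exe.Length) bytes, created $($exe.CreationTimeUtc.ToString('u'))"
                Match = $false
            }
        }
    }
    $findings
}

Get-TrontozCArtifacts | Format-Table -AutoSize -Wrap
```

Rows with Match set to True correspond to the paths and Registry value named above; rows with Match set to False are only candidates for review, since legitimate software can also place executables in those folders.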
