Win32/Unruy [Threat Name]

Win32/Unruy.AJ [Threat Variant Name]

Category: trojan
Size: 31371 B
Detection created: Mar 19, 2015
Detection database version: 11345
Aliases:
  • TrojanDownloader:Win32/Unruy.D (Microsoft)
  • Trojan.DownLoad2.14387 (Dr.Web)
  • Trojan.Gen (Symantec)

Short description

Win32/Unruy.AJ is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.


The trojan creates the following files:

  • %programfiles%\%variable%.dat

A string with variable content is used instead of %variable%.


The trojan creates and runs a new thread with its own program code within the following processes:

  • iexplore.exe

Information stealing

The trojan collects the following information:

  • information about the operating system and system settings
  • volume serial number
  • computer name
  • number of milliseconds that have elapsed since the system was started

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan contains a list of 5 URLs.


It tries to download a file from these addresses.


The file is stored in the following location:

  • %temp%\ctv%variable%.exe

A string with variable content is used instead of %variable%.


The file is then executed. The HTTP protocol is used.


The trojan may create the following files:

  • %temp%\lpo%variable%.tmp

A string with variable content is used instead of %variable%.


The trojan writes the following entries to the file:

  • @ECHO OFF
  • :REP
  • DEL %1
  • ping 192.185.%removed%.31 -n 1 -w 5000
  • IF EXIST %1 GOTO REP
  • DEL %0

The file is then executed.
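
The file names and the batch entries listed above can be turned into a host triage check. The following is an added example, not part of the original description: the rule names, the `triage` and `is_self_delete_batch` helpers, and the treatment of %variable% as "any characters except a path separator" are assumptions, and the sample batch text is constructed.

```python
import re

# %variable% is unspecified on the page; assumed here to be any run of
# characters that are not a path separator.
NAME_RULES = [
    ("payload drop (ctv*.exe in temp)", re.compile(r"\\temp\\ctv[^\\]*\.exe$", re.I)),
    ("cleanup script (lpo*.tmp in temp)", re.compile(r"\\temp\\lpo[^\\]*\.tmp$", re.I)),
    ("data file (*.dat in Program Files root)",
     re.compile(r"\\program files(?: \(x86\))?\\[^\\]+\.dat$", re.I)),
]

def is_self_delete_batch(text):
    """True if the text deletes %1 in a retry loop and then deletes itself (%0)."""
    lines = [ln.strip().upper() for ln in text.splitlines() if ln.strip()]
    labels = {ln[1:].strip() for ln in lines if ln.startswith(":")}
    del_target = any(re.fullmatch(r"DEL\s+%1", ln) for ln in lines)
    del_self = any(re.fullmatch(r"DEL\s+%0", ln) for ln in lines)
    # finditer() rather than fullmatch(): tolerates the loop test sharing a line
    loops = any(m.group(1) in labels
                for ln in lines
                for m in re.finditer(r"IF\s+EXIST\s+%1\s+GOTO\s+:?(\w+)", ln))
    return del_target and del_self and loops

def triage(path, content=None):
    """Return the names of the rules a file matches."""
    hits = [name for name, rx in NAME_RULES if rx.search(path)]
    if content is not None and is_self_delete_batch(content):
        hits.append("self-deleting batch content")
    return hits

# Constructed sample: same structure as the listed entries, with a
# documentation-range address in place of the redacted one.
SAMPLE_BATCH = ("@ECHO OFF\n:REP\nDEL %1\nping 192.0.2.1 -n 1 -w 5000\n"
                "IF EXIST %1 GOTO REP\nDEL %0\n")

if __name__ == "__main__":
    print(triage(r"C:\Users\u\AppData\Local\Temp\lpo1a2b.tmp", SAMPLE_BATCH))
    print(triage(r"C:\Users\u\AppData\Local\Temp\ctv9f.exe"))
    print(triage(r"C:\Program Files\Vendor\app.dat"))
```

A name-only match, especially the *.dat rule, is a weak signal on its own; the batch content check is the more specific of the two.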


The trojan may redirect the user to specific web sites.


The trojan contains the following text:

  • Bible 42:27 And as one of them opened his sack to give his ass provender inthe inn, he espied his money; for, behold, it was in his sack's mouth.
