Win32/Ftirca [Threat Name]

Win32/Ftirca.A [Threat Variant Name]

Category trojan
Size 143872 B
Aliases Trojan.Spy.Gen (McAfee)
  W32/IRCBot-based!Maximus (F-Prot)
  DLOADER.IRC.Trojan (Dr.Web)

Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan connects to the following addresses:

  • irc.rinet.ru
  • ftp.narod.ru

The IRC and FTP protocols are used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • send files to a remote computer
  • run executable files

The trojan may set the following Registry entries:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "svchost" = "%malwarepath%"

This way the trojan ensures that the file is executed on every system start.


The trojan may create the following files:

  • %temp%\wsu32.dat
  • %temp%\from.bin
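
The Run value and temp files listed above can be checked on a host with a short PowerShell function, run in the session of the user being inspected. This is an added example, not part of the original description; the function name Get-FtircaIndicator and its parameters are hypothetical, and a name match is a lead for triage rather than a verdict.

```powershell
# Added example: report the Win32/Ftirca.A artifacts named in this description.
# HKCU and %temp% are per-user, so run it as the user being inspected.
function Get-FtircaIndicator {
    [CmdletBinding()]
    param(
        # Hypothetical parameters, so the check can be aimed at a test key or folder.
        [string]$RunKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        [string]$TempDir = $env:TEMP
    )

    # 1. Run value named "svchost". The genuine svchost.exe is started by the
    #    Service Control Manager, so any Run value with this name is worth a look.
    $run = Get-ItemProperty -Path $RunKey -Name 'svchost' -ErrorAction SilentlyContinue
    if ($run) {
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$run.svchost)
        # Keep only the executable path when the value is quoted or carries arguments.
        if ($cmd -match '^\s*"([^"]+)"') { $target = $Matches[1] } else { $target = $cmd.Trim() }
        $hash = $null
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        }
        [pscustomobject]@{
            Indicator = 'RunValue'
            Location  = "$RunKey\svchost"
            Detail    = $cmd
            SHA256    = $hash   # hash of the referenced file, for lookup or submission
        }
    }

    # 2. Files the description says may be created in the temp directory.
    foreach ($name in 'wsu32.dat', 'from.bin') {
        $path = Join-Path $TempDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Indicator = 'TempFile'
                Location  = $path
                Detail    = '{0} bytes, written {1:u}' -f $item.Length, $item.LastWriteTimeUtc
                SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            }
        }
    }
}

# No output means none of the listed artifacts were found for this user.
Get-FtircaIndicator | Format-List
```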
