Win32/Goriadu [Threat Name] go to Threat

Win32/Goriadu.AA [Threat Variant Name]

Category trojan
Size 315491 B
Aliases Trojan.Win32.Goriadu.hi (Kaspersky)
  Goriadu.trojan (McAfee)
  Trojan.Horse (Symantec)
Short description

Win32/Goriadu.AA is a trojan which tries to download other malware from the Internet. The trojan is probably a part of other malware.

Installation

The trojan does not create any copies of itself.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of 6 URLs. The HTTP protocol is used.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files

The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­SYSTEM\­CurrentControlSet\­Services\­WinSock2\­speednet_sph]
    • "%variable1%" = "%systemroot%\­system32\­mswsock.dll"
    • "%variable2%" = "%systemroot%\­system32\­rsvpsp.dll"
    • "PathName" = "%variable3%"

A string with variable content is used instead of %variable1-3% .


The trojan may create the following files:

  • %appdata%\­MyIEData\­brudo.dat
  • %appdata%\­MyIEData\­main.ini

Please enable Javascript to ensure correct displaying of this content and refresh this page.