Win32/Kitkiot [Threat Name]
Win32/Kitkiot.A [Threat Variant Name]
Category | trojan |
Size | 142848 B |
Detection created | Oct 08, 2015 |
Detection database version | 12377 |
Aliases | Trojan:Win32/Kitkiot.A (Microsoft) |
Short description
Win32/Kitkiot.A installs a backdoor that can be controlled remotely. The trojan is usually a part of other malware.
Installation
When executed, the trojan creates the following files:
- c:\windows\uioiugyah4.exe (129968 B, Win32/Kitkiot.A)
The file is then executed.
The trojan creates and runs a new thread with its own program code within the following processes:
- explorer.exe
The trojan attempts to delete the following file:
- c:\windows\system32\drivers\%malwarefilename%.sys
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of 6 URLs. The TCP and HTTP protocols are used in the communication.
It can execute the following operations:
- perform DoS/DDoS attacks
- set up a proxy server
The trojan sends HTTP requests to simulate clicks on banner advertisements, to inflate web counter statistics, etc.