Win32/Kitkiot [Threat Name] go to Threat

Win32/Kitkiot.A [Threat Variant Name]

Category trojan
Size 142848 B
Detection created Oct 08, 2015
Detection database version 12377
Aliases Trojan:Win32/Kitkiot.A (Microsoft)
Short description

Win32/Kitkiot.A installs a backdoor that can be controlled remotely. The trojan is usually a part of other malware.

Installation

When executed, the trojan creates the following files:

  • c:\­windows\­uioiugyah4.exe (129968 B, Win32/Kitkiot.A)

The file is then executed.


The trojan creates and runs a new thread with its own program code within the following processes:

  • explorer.exe

The trojan attempts to delete the following file:

  • c:\­windows\­system32\­drivers\­%malwarefilename%.sys
Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of

  • (6)

URLs. The TCP, HTTP protocol is used in the communication.


It can execute the following operations:

  • perform DoS/DDoS attacks
  • set up a proxy server

The trojan sends HTTP requests to simulate clicks on banner advertisements, to inflate web counter statistics etc.

Please enable Javascript to ensure correct displaying of this content and refresh this page.