Win32/MalPlurk [Threat Name] go to Threat
Win32/MalPlurk.A [Threat Variant Name]
| Category | trojan |
| Size | 22528 B |
| Aliases | Trojan-Downloader.Win32.FraudLoad.ziwc (Kaspersky) |
| TROJ_DLOAD.SP (TrendMicro) | |
| Downloader.Generic11.BEHM (AVG) |
Short description
The trojan serves as a backdoor. It can be controlled remotely.
Installation
The trojan does not create any copies of itself.
The following Registry entries are created:
- [HKEY_USERS\S-1-5-%variable%\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- "Load" = "%malwarepath%"
A string with variable content is used instead of %variable% .
This causes the trojan to be executed on every system start.
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of (2) URLs. The HTTP protocol is used.
The trojan collects the following information:
- user name
- computer name
- operating system version
- computer IP address
It can execute the following operations:
- send the list of disk devices and their type to a remote computer
- download files from a remote computer and/or the Internet
- run executable files
- various file system operations
- send gathered information