Win32/Paskod [Threat Name]

Win32/Paskod.B [Threat Variant Name]

Category: trojan
Size: 81920 B
Detection created: Aug 04, 2014
Detection database version: 10200
Aliases: Variant.VBInject.11 (BitDefender)

Short description

Win32/Paskod.B is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.


The following Registry entries are set:

  • [HKEY_CURRENT_USER\Software\VB and VBA Program Settings\joiie\coboo]
    • "ubond1" = "1"
    • "ubond2" = "1"

Other information

The trojan contains a list of 14 URLs. It tries to download several files from these addresses using the HTTP protocol.


The downloaded files are stored in the following locations:

  • %temp%\cjjqgq.tmp
  • %temp%\cjjqgq.exe
  • %programfiles%\bjjc.exe
  • %programfiles%\ycnnfaf.exe
  • %programfiles%\ywccqgem.exe
  • %programfiles%\qccuztgmk.exe
  • %userprofile%\Start Menu\Programs\Startup\ogmbt.exe

The trojan executes the following files:

  • %temp%\cjjqgq.exe
  • %programfiles%\bjjc.exe
  • %programfiles%\ycnnfaf.exe
  • %programfiles%\ywccqgem.exe
  • %programfiles%\qccuztgmk.exe

The trojan interferes with the operation of some security applications to avoid detection.
