Win32/Pfoenic [Threat Name]

Win32/Pfoenic.A [Threat Variant Name]

Category: trojan
Size: 233472 B
Detection created: Sep 30, 2013
Detection database version: 10016
Aliases: TR/Graftor.119908.1 (Avira)

Short description

Win32/Pfoenic.A is a trojan which tries to download other malware from the Internet. The trojan is usually a part of other malware.

Installation

The trojan does not create any copies of itself.

Other information

The trojan receives data and instructions for further action from the Internet or another remote computer within its own network (botnet).

It uses its own P2P network for communication. The HTTP, TCP and UDP protocols are used.

The trojan opens UDP port 3413.

The trojan opens a random TCP port.


The trojan checks for Internet connectivity by trying to connect to the following servers:

  • www.baidu.com

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • uninstall itself

The trojan hides its running process. It uses techniques common for rootkits.
