Win32/Qadars [Threat Name]
Win32/Qadars.AZ [Threat Variant Name]
Category | trojan |
Size | 241152 B |
Aliases | Trojan.Win32.Yakes.qpxg (Kaspersky), Trojan.PWS.Qadars.50 (Dr.Web) |
Short description
Win32/Qadars.AZ is a trojan which tries to download other malware from the Internet.
Installation
The trojan does not create any copies of itself.
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The trojan generates various URL addresses. The HTTPS protocol is used in the communication.
It can execute the following operations:
- download files from a remote computer and/or the Internet
- run executable files
The trojan can create and run a new thread with its own program code within the following processes:
- %system%\svchost.exe
The trojan may execute the following commands:
- %system%\netsh.exe advfirewall firewall add rule name="svchost.exe" dir=in action=allow program="%s\svchost.exe" enable=yes
- %system%\cmd.exe /c "%malwarefilepath%"
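The firewall command listed above can be hunted for in process-creation logs. The following is an added detection sketch, not part of the original description: it flags netsh "add rule" calls that create an inbound allow rule for svchost.exe named after the file itself. The function names, the heuristic and the sample command lines are constructed for illustration, and the directory substituted for %s is assumed to be the system directory.

```python
import re

# Matches the netsh invocation quoted on this page, with or without a full path.
ADD_RULE = re.compile(r'netsh(?:\.exe)?"?\s+advfirewall\s+firewall\s+add\s+rule\b', re.I)
# key=value parameters; a value may be double-quoted and contain spaces.
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_add_rule(cmdline):
    """Return the rule parameters as a dict, or None if not an 'add rule' call."""
    m = ADD_RULE.search(cmdline)
    if m is None:
        return None
    params = {}
    for key, raw, quoted in PAIR.findall(cmdline[m.end():]):
        params[key.lower()] = quoted if raw.startswith('"') else raw
    return params

def is_suspicious(cmdline):
    """Inbound allow rule for svchost.exe whose name is just the file name."""
    p = parse_add_rule(cmdline)
    if p is None:
        return False
    basename = re.split(r'[\\/]', p.get("program", ""))[-1].lower()
    return (p.get("dir", "").lower() == "in"
            and p.get("action", "").lower() == "allow"
            and basename == "svchost.exe"
            and p.get("name", "").lower() == basename)

def scan(cmdlines):
    """Return the command lines that match the heuristic."""
    return [c for c in cmdlines if is_suspicious(c)]

# Constructed process-creation command lines (not captured telemetry).
SAMPLES = [
    r'C:\Windows\System32\netsh.exe advfirewall firewall add rule name="svchost.exe" '
    r'dir=in action=allow program="C:\Windows\System32\svchost.exe" enable=yes',
    r'netsh advfirewall firewall add rule name="Contoso Backup Agent" dir=in '
    r'action=allow program="C:\Program Files\Contoso\agent.exe" enable=yes',
    r'netsh advfirewall firewall add rule name="svchost.exe" dir=out action=block '
    r'program="C:\Windows\System32\svchost.exe" enable=yes',
    r'netsh advfirewall firewall show rule name=all',
]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print("ALERT:", hit)
```

A match is a lead for triage rather than proof of infection; correlate it with the parent process and with any cmd.exe /c launch of an unexpected executable on the same host.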
The trojan may display the following fake dialog boxes: