Win32/Qadars [Threat Name] go to Threat

Win32/Qadars.AZ [Threat Variant Name]

Category trojan
Size 241152 B
Aliases Trojan.Win32.Yakes.qpxg (Kaspersky)
  Trojan.PWS.Qadars.50 (Dr.Web)
Short description

Win32/Qadars.AZ is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan generates various URL addresses. The HTTPS protocol is used in the communication.


It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files

The trojan can create and run a new thread with its own program code within the following processes:

  • %system%\­svchost.exe

The trojan may execute the following commands:

  • %system%\­netsh.exe advfirewall firewall add rule name="svchost.exe" dir=in action=allow program="%s\­svchost.exe" enable=yes
  • %system%\­cmd.exe /c "%malwarefilepath%"

The trojan may display the following fake dialog boxes:

Please enable Javascript to ensure correct displaying of this content and refresh this page.