Win32/Small.NSN [Threat Name]

Win32/Small.NSN [Threat Variant Name]

Category: trojan
Size: 309342 B
Detection created: Nov 12, 2018
Detection database version: 18369
Aliases:
  Trojan.Win32.Danti.t (Kaspersky)
  Trojan:Win32/Dynamer!rfn (Microsoft)

Short description

Win32/Small.NSN is a trojan designed to deliver various malware to the user's systems. The file is run-time compressed using UPX.

Installation

When executed, the trojan creates the following files:

  • %appdata%\GoogleUpdate\config.dat (52224 B)
  • %appdata%\GoogleUpdate\takshosts.exe (1536 B)
  • %appdata%\GoogleUpdate\update.exe (3584 B, Win32/Small.NSN)

The trojan may set the following Registry entries:

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • "GoogleUpdate" = "%appdata%\GoogleUpdate\update.exe"

This way the trojan ensures that the file is executed on every system start.
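
A check for the files and the Run entry listed above, as an added example that is not part of the original description. The function name Test-SmallNsnArtifacts and its output fields are hypothetical, and it inspects only the current user's profile and HKCU hive.

```powershell
# Added example: look for the artifacts named in this description.
# File names, sizes and the Run value are taken from the page; the function
# name and the output fields are hypothetical.
function Test-SmallNsnArtifacts {
    [CmdletBinding()]
    param([string]$AppDataPath = $env:APPDATA)

    $dir = Join-Path $AppDataPath 'GoogleUpdate'
    $expectedSizes = [ordered]@{
        'config.dat'    = 52224
        'takshosts.exe' = 1536
        'update.exe'    = 3584
    }

    # Files: report each one that exists and whether its size matches the page.
    $findings = @(foreach ($name in $expectedSizes.Keys) {
        $path = Join-Path $dir $name
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{
                Type     = 'File'
                Location = $path
                Observed = "$($item.Length) B"
                Matches  = ($item.Length -eq $expectedSizes[$name])
            }
        }
    })

    # Persistence: the value name alone proves nothing, so compare its target
    # with the update.exe path from the description.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -LiteralPath $runKey -Name 'GoogleUpdate' -ErrorAction SilentlyContinue
    if ($run) {
        $target = [Environment]::ExpandEnvironmentVariables($run.GoogleUpdate).Trim('"')
        $expectedExe = Join-Path $dir 'update.exe'
        $findings += [pscustomobject]@{
            Type     = 'RunValue'
            Location = "$runKey\GoogleUpdate"
            Observed = $target
            Matches  = $target.StartsWith($expectedExe, [StringComparison]::OrdinalIgnoreCase)
        }
    }
    return $findings
}

Test-SmallNsnArtifacts | Format-Table -AutoSize
```

An empty result means none of the listed artifacts exist for the current user. A row with Matches set to False means a name matched but the size or target path differs from the description.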

Other information

The file "%appdata%\GoogleUpdate\config.dat" contains an encrypted executable.


The file contains the program code of the following malware:

  • Win32/Agent.RZR

The file is then decrypted and executed.


The trojan executes the following files:

  • %appdata%\GoogleUpdate\takshosts.exe
  • %appdata%\GoogleUpdate\update.exe

The trojan creates and runs a new thread with its own program code within the following processes:

  • %appdata%\GoogleUpdate\takshosts.exe

The trojan is usually a part of other malware.
