Win32/TrojanDownloader.Small.OVG [Threat Name] go to Threat

Win32/TrojanDownloader.Small.OVG [Threat Variant Name]

Category trojan
Size 20480 B
Aliases (Kaspersky)
  Downloader-AWM.gen.c.trojan (McAfee)
  TrojanDownloader:Win32/Harnig.S (Microsoft)
Short description

Win32/TrojanDownloader.Small.OVG is a trojan which tries to download other malware from the Internet. The file is run-time compressed using UPX .


The trojan does not create any copies of itself.

The trojan launches the following processes:

  • %system%\­svchost.exe

The trojan creates and runs a new thread with its own program code within the following processes:

  • explorer.exe
  • svchost.exe
Information stealing

The trojan collects the following information:

  • volume serial number

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan contains a list of (26) URLs.

It tries to download several files from the addresses.

These are stored in the following locations:

  • %temp%\­glmnwe.exe
  • %temp%\­djjq.exe
  • %temp%\­nnmj.exe
  • %temp%\­gnppgc.exe
  • %temp%\­nogcets.exe
  • %temp%\­regihe.exe
  • %temp%\­mmfbvjh.exe
  • %temp%\­pfbcya.exe
  • %temp%\­ivslcfi.exe
  • %temp%\­lynaki.exe
  • %temp%\­mrqlb.exe
  • %temp%\­%variable1%
  • %temp%\­%variable2%

The files are then executed. The HTTP protocol is used.

A string with variable content is used instead of %variable1-2% .

The trojan then removes itself from the computer.

Please enable Javascript to ensure correct displaying of this content and refresh this page.