Win32/TrojanDownloader.Small.OVG [Threat Name]

Win32/TrojanDownloader.Small.OVG [Threat Variant Name]

Category: trojan
Size: 20480 B
Detection created: Mar 01, 2010
Detection database version: 4906
Aliases:
  • Packed.Win32.Krap.ao (Kaspersky)
  • Downloader-AWM.gen.c.trojan (McAfee)
  • TrojanDownloader:Win32/Harnig.S (Microsoft)

Short description

Win32/TrojanDownloader.Small.OVG is a trojan which tries to download other malware from the Internet. The file is run-time compressed using UPX.

Installation

The trojan does not create any copies of itself.


The trojan launches the following processes:

  • %system%\svchost.exe

The trojan creates and runs a new thread with its own program code within the following processes:

  • explorer.exe
  • svchost.exe

Information stealing

The trojan collects the following information:

  • volume serial number

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan contains a list of 26 URLs. It tries to download several files from these addresses.

The files are stored in the following locations:

  • %temp%\glmnwe.exe
  • %temp%\djjq.exe
  • %temp%\nnmj.exe
  • %temp%\gnppgc.exe
  • %temp%\nogcets.exe
  • %temp%\regihe.exe
  • %temp%\mmfbvjh.exe
  • %temp%\pfbcya.exe
  • %temp%\ivslcfi.exe
  • %temp%\lynaki.exe
  • %temp%\mrqlb.exe
  • %temp%\%variable1%
  • %temp%\%variable2%

The files are then executed. The HTTP protocol is used.


A string with variable content is used instead of %variable1-2%.


The trojan then removes itself from the computer.
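
A triage sketch for the behaviour described above, added here as an illustration and not ESET's detection logic: it checks process-creation events for the listed dropped names, for similar-looking executables started from a temp directory, and for svchost.exe started by something other than services.exe. The event fields (`image`, `parent_image`), the temp-directory patterns, the 4-7 letter pattern standing in for %variable1-2%, and the sample events are assumptions constructed for this example.

```python
import ntpath
import re

# Dropped file names listed in the description above.
DROPPED_NAMES = {
    "glmnwe.exe", "djjq.exe", "nnmj.exe", "gnppgc.exe", "nogcets.exe",
    "regihe.exe", "mmfbvjh.exe", "pfbcya.exe", "ivslcfi.exe", "lynaki.exe",
    "mrqlb.exe",
}
# Assumption: the variable names resemble the listed ones (4-7 lowercase letters).
RANDOM_NAME = re.compile(r"^[a-z]{4,7}\.exe$")
# Assumption: %temp% resolves to a per-user Temp directory or C:\Windows\Temp.
TEMP_DIR = re.compile(r"\\(appdata\\local\\temp|local settings\\temp|windows\\temp)$")


def classify(event):
    """Return the reasons a process-creation event matches the description."""
    image = event["image"].lower()
    parent = ntpath.basename(event["parent_image"].lower())
    folder, name = ntpath.split(image)
    reasons = []
    if TEMP_DIR.search(folder):
        if name in DROPPED_NAMES:
            reasons.append("dropped-name")
        elif RANDOM_NAME.match(name):
            reasons.append("random-name-in-temp")
    # svchost.exe is normally started by services.exe; the trojan launches its own.
    if name == "svchost.exe" and parent != "services.exe":
        reasons.append("svchost-unexpected-parent")
    return reasons


def flag(events):
    """Return (image, reasons) for every event with at least one reason."""
    return [(e["image"], r) for e in events if (r := classify(e))]


# Constructed sample events (hypothetical field names, not from a real incident).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\svchost.exe", "parent_image": r"C:\Windows\System32\services.exe"},
    {"image": r"C:\Windows\System32\svchost.exe", "parent_image": r"C:\Users\u\Downloads\invoice.exe"},
    {"image": r"C:\Users\u\AppData\Local\Temp\djjq.exe", "parent_image": r"C:\Windows\System32\svchost.exe"},
    {"image": r"C:\Users\u\AppData\Local\Temp\qwzkp.exe", "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Users\u\AppData\Local\Temp\Setup_1.2.exe", "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for image, reasons in flag(SAMPLE_EVENTS):
        print(image, reasons)
```

The random-name rule is a heuristic and will also match legitimate short-named installers run from a temp directory, so treat its hits as leads to correlate with the svchost.exe rule rather than as verdicts.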
