Win32/TrojanDownloader.Ufraie [Threat Name]

Win32/TrojanDownloader.Ufraie.B [Threat Variant Name]

Category: trojan
Size: 27648 B
Aliases: Trojan-Downloader.Win32.Agent.gxod (Kaspersky)
         Downloader (Symantec)
Short description

Win32/TrojanDownloader.Ufraie.B is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.

Other information

The trojan connects to the following servers to obtain the current date and time:

  • yahoo.com
  • linux.org
  • microsoft.com
  • pool.ntp.org
  • 0.pool.ntp.org
  • 1.pool.ntp.org
  • 2.pool.ntp.org
  • googla.com

The trojan collects various information related to the operating system.


The following information is collected:

  • RAS accounts
  • operating system version
  • antivirus software detected on the affected machine
  • malware version

The trojan attempts to send gathered information to a remote machine.


The trojan contains a URL. It tries to download a file from that address.


The file is stored in the following location:

  • %temp%\kr_done1

The file is then executed. The HTTP protocol is used.


The trojan affects the behavior of the following applications:

  • Windows Firewall
  • Windows Security Center Service

The trojan creates the following files:

  • %temp%\uninst%variable%.bat

A string with variable content is used instead of %variable%.
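
The two file locations listed above can be checked on a host with a short script. This is an added example, not part of the original description or the vendor's tooling; the function names, the confidence labels and the treatment of %variable% as "any characters" are assumptions, and the sample files in demo() are constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# File-name indicators taken from the description above. Windows file names are
# case-insensitive, so matching ignores case.
# The page does not say what replaces %variable%, so any run of characters is
# accepted (assumption). Legitimate uninstallers can match: confidence "low".
INDICATORS = [
    ("downloaded payload", re.compile(r"kr_done1", re.IGNORECASE), "high"),
    ("batch file", re.compile(r"uninst.*\.bat", re.IGNORECASE), "low"),
]


def scan_temp_dir(temp_dir):
    """Return sorted (file name, indicator label, confidence) tuples for
    regular files located directly in temp_dir."""
    hits = []
    for entry in os.scandir(temp_dir):
        # The description lists files only; skip directories and symlinks.
        if not entry.is_file(follow_symlinks=False):
            continue
        for label, pattern, confidence in INDICATORS:
            # fullmatch: "kr_done1.log" must not count as "kr_done1".
            if pattern.fullmatch(entry.name):
                hits.append((entry.name, label, confidence))
    return sorted(hits)


def demo():
    """Run the scan over a constructed directory standing in for %temp%."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("kr_done1", "UNINST4f2a.bat", "notes.txt", "kr_done1.log"):
            Path(d, name).write_bytes(b"")
        Path(d, "uninstall.bat").mkdir()  # a directory, must be ignored
        return scan_temp_dir(d)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
    # On a Windows host: scan_temp_dir(os.environ["TEMP"])
```

%temp% resolves per user, so on a multi-user machine run the scan against each profile's temporary directory.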
