Win32/TrojanDownloader.Unruy [Threat Name] go to Threat

Win32/TrojanDownloader.Unruy.BP [Threat Variant Name]

Category trojan
Size 25319 B
Aliases Trojan-Clicker.Win32.Cycler.ajug (Kaspersky)
  Downloader-BZH.trojan (McAfee)
  TrojanDownloader:Win32/Unruy.D (Microsoft)
  Win32:Cycler-J (Avast)
Short description

Win32/TrojanDownloader.Unruy.BP is a trojan which tries to download other malware from the Internet.


The trojan does not create any copies of itself.

The trojan quits immediately if it is run within a debugger.

The trojan terminates its execution if it detects that it's running in a specific virtual environment.

The trojan quits immediately if any of the following applications is detected:

  • Fiddler

The trojan quits immediately if it detects a running process containing one of the following strings in its name:

  • avp.exe
Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of (3) URLs. The HTTP protocol is used.

It can execute the following operations:

  • download files from a remote computer and/or the Internet
  • run executable files
  • open a specific URL address
  • uninstall itself

The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­Software\­Microsoft\­Internet Explorer\­Main]
    • "Enable Browser Extensions" = "yes"

Please enable Javascript to ensure correct displaying of this content and refresh this page.