Win32/TrojanDownloader.Unruy [Threat Name]
Win32/TrojanDownloader.Unruy.CE [Threat Variant Name]
Category | trojan |
Size | 29702 B |
Aliases | Trojan-Clicker.Win32.Cycler.akmy (Kaspersky) |
 | Win32.HLLC.Asdas.16 (Dr.Web) |
 | W32/Cycler.V (Norman) |
Short description
Win32/TrojanDownloader.Unruy.CE is a trojan which tries to download other malware from the Internet.
Installation
The trojan does not create any copies of itself.
The following Registry entries are set:
- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
  - "Check_Associations" = "No"
  - "IgnoreDefCheck" = "Yes"
  - "DisableFirstRunCustomize" = 2
  - "RunOnceComplete" = 0
  - "RunOnceHasShown" = 0
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
  - "Check_Associations" = "No"
  - "IgnoreDefCheck" = "Yes"
  - "DisableFirstRunCustomize" = 2
  - "RunOnceComplete" = 0
  - "RunOnceHasShown" = 0
  - "Enable Browser Extensions" = "yes"
The trojan may create the following files:
- %programfiles%\%variable%.dat
A string with variable content is used instead of %variable%.
Other information
The trojan contains a list of 3 URLs and tries to download a file from these addresses over HTTP.
The file is stored in the following location:
- %temp%\ctv%variable%.exe
A string with variable content is used instead of %variable%.
The file is then executed.
It can send various information about the infected computer to an attacker.
The following information is collected:
- computer name
- operating system version
- volume serial number
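
The registry values listed under Installation and the file locations listed under Installation and Other information can be checked on a host with a short script. The following PowerShell is an added example, not part of the original description or any vendor tooling; the function names, the output shape, and the extra WOW6432Node and "Program Files (x86)" locations are assumptions.

```powershell
# Added triage example: expected values and path patterns are copied from
# this page; function names and output shape are hypothetical.
$common = @{
    'Check_Associations'       = 'No'
    'IgnoreDefCheck'           = 'Yes'
    'DisableFirstRunCustomize' = 2
    'RunOnceComplete'          = 0
    'RunOnceHasShown'          = 0
}
$hklm   = $common + @{ 'Enable Browser Extensions' = 'yes' }
$ieMain = 'Microsoft\Internet Explorer\Main'
# Assumption: on 64-bit Windows a 32-bit process is redirected to WOW6432Node
# and "Program Files (x86)", so those locations are checked as well.
$keys = @(
    @{ Path = "HKCU:\Software\$ieMain";             Expected = $common }
    @{ Path = "HKLM:\Software\$ieMain";             Expected = $hklm }
    @{ Path = "HKLM:\Software\WOW6432Node\$ieMain"; Expected = $hklm }
)

function Get-UnruyRegistryMatches {
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key.Path -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }   # key absent or not readable
        foreach ($name in $key.Expected.Keys) {
            $prop = $props.PSObject.Properties[$name]
            # Compare as strings: the page does not state the value types.
            if ($prop -and "$($prop.Value)" -eq "$($key.Expected[$name])") {
                [pscustomobject]@{ Key = $key.Path; Name = $name; Value = $prop.Value }
            }
        }
    }
}

function Get-UnruyFileCandidates {
    # %temp%\ctv%variable%.exe (downloaded file), %programfiles%\%variable%.dat
    $roots    = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $patterns = @(Join-Path $env:TEMP 'ctv*.exe')
    $patterns += $roots | ForEach-Object { Join-Path $_ '*.dat' }
    Get-ChildItem -Path $patterns -File -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, CreationTimeUtc
}

$reg   = @(Get-UnruyRegistryMatches)
$files = @(Get-UnruyFileCandidates)
"{0} matching registry values, {1} candidate files" -f $reg.Count, $files.Count
$reg   | Format-Table -AutoSize
$files | Format-Table -AutoSize
```

Individual Internet Explorer values in this list can also be set by administrators or other software, so weigh the full set of matches together with the file candidates. `$env:TEMP` covers only the account running the script, so other user profiles need their own pass.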