Win32/TrojanDownloader.Unruy [Threat Name]

Win32/TrojanDownloader.Unruy.CE [Threat Variant Name]

Category: trojan
Size: 29702 B
Aliases: Trojan-Clicker.Win32.Cycler.akmy (Kaspersky)
  Win32.HLLC.Asdas.16 (Dr.Web)
  W32/Cycler.V (Norman)

Short description

Win32/TrojanDownloader.Unruy.CE is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.


The following Registry entries are set:

  • [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    • "Check_Associations" = "No"
    • "IgnoreDefCheck" = "Yes"
    • "DisableFirstRunCustomize" = 2
    • "RunOnceComplete" = 0
    • "RunOnceHasShown" = 0
  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    • "Check_Associations" = "No"
    • "IgnoreDefCheck" = "Yes"
    • "DisableFirstRunCustomize" = 2
    • "RunOnceComplete" = 0
    • "RunOnceHasShown" = 0
    • "Enable Browser Extensions" = "yes"

The trojan may create the following files:

  • %programfiles%\%variable%.dat

A string with variable content is used instead of %variable%.

Other information

The trojan contains a list of 3 URLs and tries to download a file from these addresses over HTTP.


The file is stored in the following location:

  • %temp%\ctv%variable%.exe

A string with variable content is used instead of %variable%.


The file is then executed.


It can send various information about the infected computer to an attacker.


The following information is collected:

  • computer name
  • operating system version
  • volume serial number
