Win32/TrojanDownloader.Zurgop [Threat Name]
Win32/TrojanDownloader.Zurgop.AB [Threat Variant Name]
Category | trojan |
Size | 45056 B |
Aliases | Trojan.Win32.VBKrypt.etxe (Kaspersky) |
 | TrojanDownloader:Win32/Dofoil.D (Microsoft) |
 | Backdoor.Trojan (Symantec) |
Short description
Win32/TrojanDownloader.Zurgop.AB is a trojan which tries to download other malware from the Internet. The file is run-time compressed using PEncrypt.
Installation
When executed, the trojan copies itself into the following location:
- %startup%\dxdiag.exe
The trojan creates and runs a new thread with its own program code within the following processes:
- svchost.exe
After the installation is complete, the trojan deletes the original executable file.
Other information
The trojan may create the following files:
- %startup%\%random%.dat
The %random% represents a random number.
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of 3 URLs. It communicates with them over the HTTP protocol.
It may perform the following actions:
- download files from a remote computer and/or the Internet
- run executable files
- update itself to a newer version
- collect information about the operating system used
- send gathered information
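
The file artifacts listed above can be checked for on a host with the following PowerShell triage script. It is an added example, not part of the original description. The function name Find-ZurgopArtifact is hypothetical, and the script assumes that %startup% maps to the per-user and all-users Startup folders and that the random number in %random%.dat is written as decimal digits.

```powershell
# Added triage example: looks in the Startup folders for the files named on this page.
# Assumptions: %startup% = per-user and all-users Startup folders;
#              %random%.dat = a file whose base name is only decimal digits.
# The genuine dxdiag.exe ships in %SystemRoot%\System32, so a copy in a
# Startup folder is anomalous regardless of its content.

$ExpectedSize = 45056   # size of the described sample in bytes (from this page)

function Find-ZurgopArtifact {
    param(
        [string[]]$Path = @(
            [Environment]::GetFolderPath('Startup'),
            [Environment]::GetFolderPath('CommonStartup')
        )
    )
    foreach ($dir in $Path) {
        # Skip folders that do not exist for this profile
        if (-not $dir -or -not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

        # -Force includes hidden and system files
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $reason = $null
                if ($_.Name -ieq 'dxdiag.exe') {
                    $reason = 'dxdiag.exe located in a Startup folder'
                } elseif ($_.Name -match '^\d+\.dat$') {
                    $reason = 'numeric-named .dat file in a Startup folder'
                }
                if ($reason) {
                    $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                -ErrorAction SilentlyContinue
                    [pscustomobject]@{
                        Path        = $_.FullName
                        Reason      = $reason
                        Length      = $_.Length
                        # Weak hint only: other variants or updates may differ in size
                        SizeMatches = ($_.Length -eq $ExpectedSize)
                        SHA256      = $hash.Hash
                        ModifiedUtc = $_.LastWriteTimeUtc
                    }
                }
            }
    }
}

Find-ZurgopArtifact | Format-List
```

A hit is a lead for further analysis rather than a verdict. Because the trojan runs its code inside svchost.exe and deletes the original executable, an empty result does not rule out an active infection.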