
Trojan.Otlard


First posted on 01 December 2015.
Source: Symantec

Aliases :

There are no other names known for Trojan.Otlard.

Explanation :

When the Trojan is executed, it creates the following file:
%System%\drivers\[RANDOM CHARACTERS].sys

The Trojan then creates the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]\"ImagePath" = "%System%\drivers\[RANDOM CHARACTERS].sys"

The Trojan then creates the following mutex:
gootkit

The Trojan then injects its code into the following process:
svchost.exe

The Trojan then connects to the following URLs:
server10.ss2.name
server1.ss2.name
hbot.aswind.biz
v00d00.org
heathen.cc
TouKizu7oi4tobeD.com
jaddf.com
Oyah9eeshaCei2ae.com
Ru7Noh8quoob8moh.com
taishous4nohshiY.com
wahlae0ohGurae2t.com

Last update 01 December 2015

 
