
TrojanDropper:Win32/Rochap.Q


First posted on 23 October 2010.
Source: SecurityHome

Aliases :

TrojanDropper:Win32/Rochap.Q is also known as W32/Rochap.A (Authentium (Command)), TR/Dldr.Small.AS (Avira), Trojan.MulDrop.48232 (Dr.Web), Trojan.Win32.Def.afz (Kaspersky), TROJ_LAMEWAR.VTG (Trend Micro).

Explanation :

TrojanDropper:Win32/Rochap.Q is a trojan that drops and installs TrojanDownloader:Win32/Rochap.Q. It launches the default web browser and displays a video from the media site 'Youtube.com', presumably to distract the user from its malicious activities.

Installation

TrojanDropper:Win32/Rochap.Q may arrive in the computer as "secret_AVI.scr". When run, the trojan drops and installs the following file:

    <system folder>\dll.dll - detected as TrojanDownloader:Win32/Rochap.Q

Note - <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32.

Payload

Drops other malware

The dropped DLL file connects to a remote website such as 'orthodoxie-oostende.org' to download additional files into the system. The downloaded file as of this writing is detected as Trojan:Win32/Rochap.D.

While TrojanDownloader:Win32/Rochap.Q downloads a file, TrojanDropper:Win32/Rochap.Q launches the default web browser and displays a video from the media site 'Youtube.com', presumably to distract the user from its malicious activities. Below is an example of the image shown:

Analysis by Elda Dimakiling

Last update 23 October 2010
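
A defender-side triage of the behaviour described above, as an added example that is not part of the original write-up: it matches the three observable artefacts (the "secret_AVI.scr" launch, dll.dll written to the System folder, and a lookup of the download host) and grades them per host. The event format, field names and host names are constructed assumptions, not the schema of any real logging product.

```python
import ntpath

# Indicators taken from the write-up; the file name and host are the examples it gives.
DROPPER_NAME = "secret_avi.scr"
DROPPED_DLL = "dll.dll"
# Default System folder locations from the note; the malware queries the OS for the real one.
SYSTEM_DIRS = (r"c:\winnt\system32", r"c:\windows\system32")
DOWNLOAD_HOST = "orthodoxie-oostende.org"

# Constructed sample events in a hypothetical, simplified format.
EVENTS = [
    {"host": "ws01", "type": "process_start", "image": r"C:\Users\a\Desktop\secret_AVI.scr"},
    {"host": "ws01", "type": "file_create", "target": r"C:\Windows\System32\dll.dll"},
    {"host": "ws01", "type": "dns_query", "query": "orthodoxie-oostende.org"},
    {"host": "ws02", "type": "file_create", "target": r"C:\Program Files\App\dll.dll"},
    {"host": "ws03", "type": "dns_query", "query": "www.ORTHODOXIE-OOSTENDE.org."},
]

def classify(event):
    """Return the name of the indicator an event matches, or None."""
    kind = event.get("type")
    if kind == "process_start":
        if ntpath.basename(event.get("image", "")).lower() == DROPPER_NAME:
            return "dropper_run"
    elif kind == "file_create":
        # A generic name like dll.dll only counts when it lands in the System folder.
        folder, name = ntpath.split(event.get("target", "").lower())
        if name == DROPPED_DLL and folder in SYSTEM_DIRS:
            return "dll_dropped"
    elif kind == "dns_query":
        # Normalise case and the trailing root dot, and match subdomains too.
        query = event.get("query", "").lower().rstrip(".")
        if query == DOWNLOAD_HOST or query.endswith("." + DOWNLOAD_HOST):
            return "download_host"
    return None

def triage(events):
    """Group matched indicators per host and grade each host."""
    hits = {}
    for event in events:
        tag = classify(event)
        if tag:
            hits.setdefault(event["host"], set()).add(tag)
    report = {}
    for host, tags in hits.items():
        # The dropped DLL plus any second indicator is treated as a likely infection.
        level = "high" if "dll_dropped" in tags and len(tags) > 1 else "review"
        report[host] = (level, sorted(tags))
    return report
```
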

 
