
TrojanDownloader:Win32/Taradorp.A


First posted on 18 June 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/Taradorp.A is also known as BackDoor-EPQ (McAfee), Trojan.Win32.Scar.caai (Kaspersky), TROJ_TARO.XZ (Trend Micro), Trojan:Win32/Taradorp.A (other).

Explanation :

TrojanDownloader:Win32/Taradorp.A is malware that downloads an arbitrary file from the Internet. The downloaded file is presumably malicious in nature.

Installation

When run, TrojanDownloader:Win32/Taradorp.A copies itself into the Windows system folder and registers this copy as a Windows system service called "PMSservice". Its service description is "Protected Manager Service".

Payload

Downloads arbitrary files

TrojanDownloader:Win32/Taradorp.A downloads the following file on a regular schedule:

  • update.winsdate.com/domestic/svchost.exe

The file is saved and run as "<system folder>\vssvc.dll".

Note - <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.

Analysis by Jireh Sanico

Last update 18 June 2010
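The indicators described above (service name and description, download URL, dropped file path) can be matched against host telemetry to find affected machines. The following is an added example, not part of the original write-up; the JSON event schema, host names and sample events are constructed for illustration.

```python
import json
import ntpath
from urllib.parse import urlsplit

# Indicators taken from the description above, lower-cased for comparison.
SERVICE_NAME = "pmsservice"
SERVICE_DESC = "protected manager service"
DOWNLOAD = ("update.winsdate.com", "/domestic/svchost.exe")
DROPPED_NAME = "vssvc.dll"
# Default system folders named on the page; add others for non-default installs.
SYSTEM_DIRS = {r"c:\winnt\system32", r"c:\windows\system32"}

def match(event):
    """Return the indicator label an event matches, or None."""
    kind = event.get("type")
    if kind == "service_install":
        if (event.get("name", "").lower() == SERVICE_NAME
                or event.get("description", "").lower() == SERVICE_DESC):
            return "service"
    elif kind == "http":
        url = event.get("url", "")
        parts = urlsplit(url if "://" in url else "http://" + url)
        # Exact host comparison, so look-alike parent domains do not match.
        if (parts.hostname, parts.path.lower()) == DOWNLOAD:
            return "download"
    elif kind == "file_create":
        # Windows paths are case-insensitive; the file only counts in the system folder.
        folder, name = ntpath.split(event.get("path", "").lower())
        if name == DROPPED_NAME and folder in SYSTEM_DIRS:
            return "dropped_file"
    return None

def triage(lines):
    """Map each host to the sorted list of indicators seen in its events."""
    hits = {}
    for event in map(json.loads, lines):
        label = match(event)
        if label:
            hits.setdefault(event["host"], set()).add(label)
    return {host: sorted(labels) for host, labels in hits.items()}

# Constructed sample telemetry (hypothetical hosts and schema), one JSON event per line.
SAMPLE = [json.dumps(e) for e in (
    {"host": "ws-01", "type": "service_install", "name": "PMSservice",
     "description": "Protected Manager Service"},
    {"host": "ws-01", "type": "http", "url": "update.winsdate.com/domestic/svchost.exe"},
    {"host": "ws-01", "type": "file_create", "path": r"C:\WINDOWS\system32\vssvc.dll"},
    {"host": "ws-02", "type": "http",
     "url": "http://update.winsdate.com.example.org/domestic/svchost.exe"},
    {"host": "ws-02", "type": "file_create", "path": r"C:\Temp\vssvc.dll"},
)]
```

`triage(SAMPLE)` reports all three indicators for `ws-01` and nothing for `ws-02`, whose events only resemble the indicators.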