Home / malware

PDF

TrojanDownloader:Win32/Popal.A

First posted on 29 October 2014.
Source: Microsoft

Aliases :

There are no other names known for TrojanDownloader:Win32/Popal.A.

Explanation :

Threat behavior

Installation

TrojanDownloader:Win32/Popal.A creates the following files on your PC:

• %windir%\assembly\nativeimages_\temp\zap10.tmp\system.data.services.dll
• c:\documents and settings\administrator\local settings\temp\pop3.exe

Payload

Contacts remote host

TrojanDownloader:Win32/Popal.A might contact a remote host at www.menaon.com using port 80. Commonly, malware does this to:

• Report a new infection to its author
• Receive configuration or other data
• Download and run files, including updates or other malware
• Receive instructions from a remote hacker
• Upload data taken from your PC

This malware description was produced and published using automated analysis of file SHA1 f97423924f6deac586cb19e59879955959019029.Symptoms

System changes

The following could indicate that you have this threat on your PC:

• You have these files:
  
  %windir%\assembly\nativeimages_v2.0.50727_32\temp\zap10.tmp\system.data.services.dll
  c:\documents and settings\administrator\local settings\temp\pop3.exe

Last update 29 October 2014

 

TOP