Home / malwarePDF  

TrojanDownloader:Win32/Small.gen!AO


First posted on 20 April 2020.
Source: Microsoft

Aliases :

TrojanDownloader:Win32/Small.gen!AO is also known as Win32/TrojanDownloader.Banload.IE, W32/Downloader.TND.

Explanation :

TrojanDownloader:Win32/Small.gen!AO is a program that silently downloads and executes arbitrary files without the affected user's consent. Installation details and the files downloaded and executed may vary from instance to instance because of the generic nature of the detection. For example, one such file detected as TrojanDownloader:Win32/Small.gen!AO displayed the following characteristics: It was distributed as a Win32 packed executable of 28,672 bytes in size. When executed this trojan performs the following actions: Attempts to download and execute a file located at IP 70.147.30.110 (at the time of writing this remote file was not available). If successful the trojan stores the downloaded file locally as %windir%system svchots.exe. (Note the filename difference from the standard windows file svchost.exe). This file is then executed. Drops the file %windir%sysreq2.txt. The trojan uses this file to store the number of successful downloading attempts. The number is in ASCII format (for instance number 1 is represented by hex value 31h). Attempts to terminate the running process 'msconf.exe', which is normally associated with other malicious programs.   Analysis by Oleg Petrovsky

Last update 20 April 2020

 

TOP