Trojan.Ladocosm
First posted on 28 February 2015.
Source: Symantec
Aliases:
There are no other names known for Trojan.Ladocosm.
Explanation:
The Trojan may arrive on the computer through Downloader.Busadom.
When the Trojan is executed, it creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"WindowDbg Tools" = "rundll32.exe [THREAT FILE NAME].dll"
The Trojan then creates the following mutex:
Global\9-9-99-999ABDF-6845-404F-350D-4567ABCDEE-4-E-66
Next, the Trojan connects to the following remote location:
iad23s02-in-f33.1b100.net
The Trojan then gathers the following system information:
- Dynamic Host Configuration Protocol (DHCP) server
- Adaptor name
- Adaptor address
The Trojan may then perform the following actions:
- Download data, load it into memory, and execute it
- Use an HTTP tunnel to bypass security software
Last update 28 February 2015
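An added example, not part of the Symantec write-up: a PowerShell check of a live Windows host for the two local indicators described above, the "WindowDbg Tools" Run value and the named mutex. The function names are made up for illustration, and reading other users' registry hives assumes an elevated session.

```powershell
# Added example: names below other than the two indicators are hypothetical.
$ValueName = 'WindowDbg Tools'
$MutexName = 'Global\9-9-99-999ABDF-6845-404F-350D-4567ABCDEE-4-E-66'
$RunSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'

function Find-RunEntry {
    # The write-up names HKEY_CURRENT_USER, which is per-user, so walk every
    # user hive currently loaded under HKEY_USERS instead of only our own.
    $hits = @()
    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        if ($hive.PSChildName -like '*_Classes') { continue }
        $path  = "Registry::HKEY_USERS\$($hive.PSChildName)\$RunSubKey"
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        $entry = $props.PSObject.Properties[$ValueName]
        if ($null -ne $entry) {
            $data = [string]$entry.Value
            $hits += [pscustomobject]@{
                Sid  = $hive.PSChildName
                Data = $data
                # True when the data has the documented shape: rundll32.exe <file>.dll
                MatchesRundll32 = ($data -match '(?i)^\s*"?rundll32(\.exe)?"?\s+.+\.dll')
            }
        }
    }
    return $hits
}

function Test-NamedMutex {
    # A live mutex means a process holding it is running right now.
    $m = $null
    try {
        if ([System.Threading.Mutex]::TryOpenExisting($MutexName, [ref]$m)) {
            $m.Dispose()
            return $true
        }
    } catch [System.UnauthorizedAccessException] {
        # The mutex exists but its ACL denies this account access.
        return $true
    }
    return $false
}

$run   = @(Find-RunEntry)
$mutex = Test-NamedMutex
$run | Format-Table -AutoSize
'Run entry found: {0}; mutex present: {1}' -f ($run.Count -gt 0), $mutex
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so a clean result here does not cover their NTUSER.DAT files.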