
TrojanDownloader:Win32/Harnig.gen!P


First posted on 18 May 2009.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/Harnig.gen!P is also known as Trojan-Downloader.Win32.Small.jrj (Kaspersky) and Generic Downloader.x!bp (McAfee).

Explanation :

TrojanDownloader:Win32/Harnig.gen!P is a trojan that downloads and executes arbitrary files, including additional Harnig downloaders and variants of other malware families.

Symptoms
There are no obvious symptoms that indicate the presence of this malware on an affected machine.

Installation
TrojanDownloader:Win32/Harnig.gen!P may be downloaded or dropped by other malware.

Payload
Downloads and executes arbitrary files
TrojanDownloader:Win32/Harnig.gen!P tries to connect to a remote server to download files to the local machine and execute them. TrojanDownloader:Win32/Harnig.gen!P has been observed contacting the following hosts for this purpose:

  • adimsceibh.com
  • cgymwmlcaa.com
  • dglcxlcfmk.net
  • xabmiphabh.cn
  • chyaicpvxo.com

TrojanDownloader:Win32/Harnig.gen!P saves downloaded files to the root of the C: drive with a randomly generated file name, such as cisx.exe or mghvkss.exe. Once downloaded, TrojanDownloader:Win32/Harnig.gen!P launches the files immediately. In the wild, Harnig has been observed downloading and executing the following malware in this manner:

  • Win32/Boaxxe
  • Win32/Rustock
  • Win32/Ertfor
  • Win32/Koobface
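
As a detection aid for the payload behaviour described above, the following Python example (added here, not part of the original write-up) flags DNS lookups for the listed hosts and executables launched from the root of C:, and raises the severity when both occur on the same machine. The event format, the file-name pattern and the five-minute correlation window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Hosts listed on this page for Harnig.gen!P downloads.
HARNIG_HOSTS = {"adimsceibh.com", "cgymwmlcaa.com", "dglcxlcfmk.net",
                "xabmiphabh.cn", "chyaicpvxo.com"}
# Assumption: an .exe directly in C:\ with a short all-letter name, modelled
# on the page's examples (cisx.exe, mghvkss.exe). Length bounds are a guess.
ROOT_EXE = re.compile(r"^c:\\[a-z]{3,10}\.exe$", re.IGNORECASE)
WINDOW = timedelta(minutes=5)  # assumed correlation window


def host_matches(qname):
    """True if qname is a listed host or a subdomain of one."""
    q = qname.lower().rstrip(".")
    return any(q == h or q.endswith("." + h) for h in HARNIG_HOSTS)


def triage(events):
    """Return (machine, severity, detail) findings from time-ordered events."""
    findings, last_hit = [], {}
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        if ev["kind"] == "dns" and host_matches(ev["query"]):
            last_hit[ev["machine"]] = ts
            findings.append((ev["machine"], "medium", ev["query"]))
        elif ev["kind"] == "proc" and ROOT_EXE.match(ev["image"]):
            seen = last_hit.get(ev["machine"])
            # A root-of-C: launch soon after a listed-host lookup matches
            # the download-then-execute sequence described above.
            sev = "high" if seen is not None and ts - seen <= WINDOW else "low"
            findings.append((ev["machine"], sev, ev["image"]))
    return findings


# Constructed sample events (not real telemetry).
SAMPLE = [
    {"ts": "2009-05-18T10:00:00", "kind": "dns", "machine": "ws1", "query": "www.example.org"},
    {"ts": "2009-05-18T10:00:05", "kind": "dns", "machine": "ws1", "query": "cgymwmlcaa.com."},
    {"ts": "2009-05-18T10:00:40", "kind": "proc", "machine": "ws1", "image": "C:\\mghvkss.exe"},
    {"ts": "2009-05-18T10:01:00", "kind": "proc", "machine": "ws2", "image": "C:\\setup.exe"},
    {"ts": "2009-05-18T10:02:00", "kind": "proc", "machine": "ws1", "image": "C:\\Windows\\notepad.exe"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A root-of-C: executable on its own is only a weak signal, which is why the example rates it low unless a listed-host lookup precedes it on the same machine.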


Analysis by Shawn Wang

Last update 18 May 2009
