Home / malware TrojanDownloader:Win32/Dofoil.S
First posted on 09 March 2018.
Source: MicrosoftAliases :
There are no other names known for TrojanDownloader:Win32/Dofoil.S.
Explanation :
TrojanDownloader:Win32/Dofoil.S is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer.
Installation
When executed, TrojanDownloader:Win32/Dofoil.S copies itself to c:\documents and settings\administrator\start menu\programs\startup\kiaqas.exe.
Payload
Contacts remote hosts
TrojanDownloader:Win32/Dofoil.S may contact the following remote hosts using port 80:
- bm1.net.ua
- redsfs.net.ua
- sasv.ru
Commonly, malware may contact a remote host for the following purposes:
- To confirm Internet connectivity
- To report a new infection to its author
- To receive configuration or other data
- To download and execute arbitrary files (including updates or additional malware)
- To receive instruction from a remote attacker
- To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 115f511ffdc08ba0c9cb8f113174e22a16c54bee.Last update 09 March 2018
