Backdoor:Win32/Tosct.A
First posted on 29 February 2012.
Source: Microsoft
Aliases:
Backdoor:Win32/Tosct.A is also known as TrojanDownloader:Win32/Small.AIP (other).
Explanation:
Backdoor:Win32/Tosct.A is a trojan that allows unauthorized access and control of an affected computer.
Installation
Backdoor:Win32/Tosct.A may be installed by other malware and may be present as a file named "dlhost.exe".
Payload
Downloads and executes arbitrary files
The trojan attempts to connect to a particular IP address in order to download and execute a file on the computer. It has been observed contacting the following IP addresses:
- 205.159.83.91
- 209.233.16.84
- 210.105.192.223
When Backdoor:Win32/Tosct.A establishes a connection to the IP address, it downloads a file to the file location %TEMP%\iniet.exe and executes it.
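A triage sketch for the download-and-execute behaviour described above, added here as an example and not part of the original write-up: it correlates the listed IP addresses, the "dlhost.exe" file name and %TEMP%\iniet.exe across host events. The event schema, the sample events, the 300-second window and the treatment of %TEMP% as a directory named "Temp" are assumptions.

```python
import ntpath

# Indicators listed on this page.
DOWNLOAD_IPS = {"205.159.83.91", "209.233.16.84", "210.105.192.223"}
WINDOW = 300  # assumption: max seconds from connection to payload execution

def _in_temp(path):
    # Assumption: %TEMP% expands to a directory whose last component is "Temp".
    return ntpath.basename(ntpath.dirname(path)).lower() == "temp"

def classify(ev):
    """Return the page indicator that one event matches, or None."""
    kind, path = ev["type"], ev.get("path", "")
    name = ntpath.basename(path).lower()
    if kind == "net" and ev.get("dest_ip") in DOWNLOAD_IPS:
        return "download_connect"
    if name == "iniet.exe" and _in_temp(path):
        return {"file_create": "payload_drop", "proc_start": "payload_exec"}.get(kind)
    if kind == "proc_start" and name == "dlhost.exe":
        return "installer_start"
    return None

def triage(events):
    """Per host: 'chain' if connect, drop, exec occur in order within WINDOW; else 'indicator'."""
    verdicts, state = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        host, hit = ev["host"], classify(ev)
        if hit is None:
            continue
        verdicts.setdefault(host, "indicator")
        stage, start = state.get(host, (0, None))
        if hit == "download_connect":
            state[host] = (1, ev["time"])
        elif start is not None and ev["time"] - start <= WINDOW:
            if hit == "payload_drop" and stage == 1:
                state[host] = (2, start)
            elif hit == "payload_exec" and stage == 2:
                verdicts[host] = "chain"
    return verdicts

# Constructed sample events (hypothetical schema and paths, not real telemetry).
TEMP_EXE = r"C:\Users\a\AppData\Local\Temp\iniet.exe"
SAMPLE_EVENTS = [
    {"host": "ws1", "time": 12, "type": "net", "dest_ip": "209.233.16.84"},
    {"host": "ws1", "time": 15, "type": "file_create", "path": TEMP_EXE},
    {"host": "ws1", "time": 16, "type": "proc_start", "path": TEMP_EXE},
    {"host": "ws2", "time": 20, "type": "net", "dest_ip": "198.51.100.7"},
    {"host": "ws3", "time": 30, "type": "proc_start", "path": r"C:\Users\b\dlhost.exe"},
]
```

A "chain" verdict means the full connect, drop and execute sequence was seen on one host; an "indicator" verdict is a single match that still warrants a look.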
Allows unauthorized remote access and control
Backdoor:Win32/Tosct.A opens a hidden command shell which can allow a remote attacker to execute commands.
Analysis by Amir Fouda and Shawn Wang
Last update 29 February 2012