TrojanDownloader:Win32/Waledac.I
First posted on 06 August 2010.
Source: SecurityHome
Aliases :
TrojanDownloader:Win32/Waledac.I is also known as TR/Crypt.ZPACK.Gen (Avira), Trojan.DownLoad.41551 (Dr.Web), Win32/TrojanDownloader.Bredolab.AN (ESET), Trojan.Win32.FakeAV (Ikarus), TrojanDownloader:Win32/Waledac.I (Microsoft), Mal/FakeAV-EE (Sophos), TrojanDownloader:Win32/Fitmu.A (other).
Explanation :
TrojanDownloader:Win32/Waledac.I is a trojan that attempts to download files from multiple locations.
Payload
Downloads and executes arbitrary files
When run, TrojanDownloader:Win32/Waledac.I de-obfuscates itself in memory; it then attempts to download the following files from the IP addresses 188.65.74.161 and 85.234.191.111:
- bat.exe - detected as TrojanSpy:Win32/Fitmu.A
- mrmun_sgjlgdsjrthrtwg.exe - detected as Trojan:Win32/Winwebsec
The files that it downloads are written to "%windir%\Temp\_ex-<two random digits>.exe". Once downloaded, the trojan executes these files.
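The following is an added detection example, not code from the original entry or from Microsoft; it turns the indicators quoted above (the two download IPs, the two payload names and the "%windir%\Temp\_ex-NN.exe" drop path) into matchers and runs them over constructed proxy log lines in an assumed "<time> <client> <method> <url>" format.

```python
import re
from urllib.parse import urlsplit

# Indicators quoted in the Waledac.I description above.
DOWNLOAD_HOSTS = {"188.65.74.161", "85.234.191.111"}
DOWNLOAD_NAMES = {"bat.exe", "mrmun_sgjlgdsjrthrtwg.exe"}

# Dropped-file pattern "%windir%\Temp\_ex-<two random digits>.exe".
# %windir% is normally C:\Windows but is not fixed, so accept any
# <drive>:\<dir>\Temp\_ex-NN.exe, case-insensitively (NTFS ignores case).
_DROP_RE = re.compile(r"^[a-z]:\\[^\\]+\\temp\\_ex-\d{2}\.exe$", re.IGNORECASE)


def is_waledac_drop_path(path):
    """True if path matches the Waledac.I dropped-file naming pattern."""
    return bool(_DROP_RE.match(path.strip()))


def classify_url(url):
    """Return the reasons a download URL matches Waledac.I indicators."""
    parts = urlsplit(url)
    reasons = []
    if parts.hostname in DOWNLOAD_HOSTS:
        reasons.append("known download host")
    if parts.path.rsplit("/", 1)[-1].lower() in DOWNLOAD_NAMES:
        reasons.append("known payload name")
    return reasons


def scan_proxy_log(lines):
    """Flag lines of an assumed '<time> <client> <method> <url>' proxy log."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # malformed line, skip it
        reasons = classify_url(fields[3])
        if reasons:
            hits.append((fields[1], fields[3], reasons))
    return hits


if __name__ == "__main__":
    # Constructed sample log lines, not from a real incident.
    sample_log = [
        "10:01:02 10.0.0.7 GET http://188.65.74.161/bat.exe",
        "10:01:03 10.0.0.7 GET http://85.234.191.111/mrmun_sgjlgdsjrthrtwg.exe",
        "10:01:09 10.0.0.9 GET http://example.org/index.html",
    ]
    for client, url, why in scan_proxy_log(sample_log):
        print(client, url, ", ".join(why))
    print(is_waledac_drop_path(r"C:\Windows\Temp\_ex-47.exe"))  # True
```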
Analysis by Dan Kurc
Last update 06 August 2010