Home / malware Trojan.Woolerg
First posted on 10 June 2015.
Source: SymantecAliases :
There are no other names known for Trojan.Woolerg.
Explanation :
When the Trojan is executed, it creates the following files: %Temp%\NTSuser.exe%Temp%\agent.exe%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\WinDefender.lnk%Temp%\[DROPPER FILE NAME].exe.pdf%Temp%\wsc.vbs
Next, the Trojan creates the following mutex: woolger
The Trojan then logs keystrokes and sends the gathered data to the following File Transfer Protocol (FTP) server: Server IP address: 107.6.181.116User name: administratorPassword: S@m!23456Last update 10 June 2015
