
Trojan.Downloader.Stration.F


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Trojan.Downloader.Stration.F is also known as Email-Worm.Win32.Warezov, Trojan-Downloader:W32/Warezov, W32.Stration.

Explanation:

The trojan creates a file named sqhos32.wmf in the %WINDIR% folder; this file contains data the trojan uses. It then creates the following registry entry so that it is executed at each system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run: "lre"="%path_to_trojan%"

The trojan tries to download a file named 'module.exe' from http://eased{...}.com/et.exe.

When the link becomes available, it will execute the downloaded file, delete the startup registry key and mark itself for deletion at the next system startup.
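A triage check for the two host indicators described above (the "lre" Run value and sqhos32.wmf in %WINDIR%), written as an added example and not taken from the BitDefender write-up. It assumes the analyst has the text output of `reg query` for the Run key and a file listing of %WINDIR%; the sample inputs, function names and verdict labels are constructed for illustration.

```python
import re

# Host indicators named in the description above.
RUN_VALUE_NAME = "lre"
DATA_FILE_NAME = "sqhos32.wmf"

# A value line in `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
_VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample input (not from a real host); the .exe path is a placeholder.
SAMPLE_RUN_WITH_ENTRY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    LRE    REG_SZ    C:\Users\Public\placeholder.exe
"""
SAMPLE_RUN_WITHOUT_ENTRY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""


def parse_run_values(reg_query_output):
    """Return {lowercased value name: data} parsed from `reg query` text."""
    values = {}
    for line in reg_query_output.splitlines():
        match = _VALUE_LINE.match(line)
        if match:
            # Registry value names are case-insensitive, so normalise them.
            values[match.group("name").lower()] = match.group("data").strip()
    return values


def triage(reg_query_output, windir_filenames):
    """Classify a host from its Run key dump and a %WINDIR% file listing."""
    run_target = parse_run_values(reg_query_output).get(RUN_VALUE_NAME)
    has_data_file = DATA_FILE_NAME in {name.lower() for name in windir_filenames}
    if run_target is not None:
        verdict = "persistence-present"   # Run value still set; run_target is the binary
    elif has_data_file:
        # The trojan deletes its Run value once the payload has run, so the
        # data file alone can be what is left (assumption: it is not cleaned up).
        verdict = "residual-artifact"
    else:
        verdict = "no-indicators"
    return {"verdict": verdict, "run_target": run_target, "data_file": has_data_file}


if __name__ == "__main__":
    print(triage(SAMPLE_RUN_WITH_ENTRY, ["explorer.exe", "SQHOS32.WMF"]))
    print(triage(SAMPLE_RUN_WITHOUT_ENTRY, ["explorer.exe", "sqhos32.wmf"]))
```

A "residual-artifact" verdict means the downloaded file may already have run, so the host still needs investigation even though the startup entry is gone.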

Last update 21 November 2011

 
