Home / malware TrojanDownloader:Win32/Zootuzmy.A
First posted on 11 June 2014.
Source: MicrosoftAliases :
There are no other names known for TrojanDownloader:Win32/Zootuzmy.A.
Explanation :
Threat behavior
Installation
TrojanDownloader:Win32/Zootuzmy.A copies itself to c:\documents and settings\administrator\application data\wuaclt.exe.
Payload
Contacts remote hosts
TrojanDownloader:Win32/Zootuzmy.A can contact the following remote hosts:
- 118.163.14.217 using port 443
- 118.163.14.217 using port 1863
- 118.163.14.217 using port 8080
- amazon.otzo.com using port 80
- amazon.otzo.com using port 443
- amazon.otzo.com using port 8080
- yahoo.zzux.com using port 443
- yahoo.zzux.com using port 1863
- yahoo.zzux.com using port 12350
Commonly, malware contacts a remote host to:This malware description was produced and published using automated analysis of file SHA1 1d272f4e98b7e7d0649725ca04b268ba459d98c0.Symptoms
- Confirm Internet connectivity
- Report a new infection to its author
- Receive configuration or other data
- Download and run files (including updates and other malware)
- Receive instruction from a remote hacker
- Upload information taken from your PC
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
c:\documents and settings\administrator\application data\wuaclt.exeLast update 11 June 2014
