TrojanDownloader:Win32/Zeagle.C
First posted on 15 February 2012.
Source: Microsoft
Aliases:
There are no other names known for TrojanDownloader:Win32/Zeagle.C.
Explanation:
TrojanDownloader:Win32/Zeagle.C is a trojan that silently downloads and installs other programs without the user's consent. This could include the installation of additional malware or malware components to an affected computer.
Installation
On execution, TrojanDownloader:Win32/Zeagle.C drops a DLL into the <system folder>; in the wild, we have observed the trojan dropping a file with either of the following names:
- dll.dll
- d_novo_dll.dll
Note: <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
Payload
Downloads arbitrary files
The dropped DLL attempts to contact the website "realpetropoulos.gr" to download the following file:
- dire_expless_263.jpg - detected as Worm:Win32/Zeagle.A
Opens a browser window
TrojanDownloader:Win32/Zeagle.C opens a browser window to the following URL in an attempt to distract the user:
- youtube.com/watch?v=WbiqVE9uY7E
Analysis by Matt McCormack
Last update 15 February 2012
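The indicators above can be swept for in proxy logs and file inventories. The following is an added example, not part of the original analysis; the log format ("timestamp client url"), the client addresses and the URL paths are constructed, and the System folder list assumes the default locations given in the note.

```python
import ntpath
import posixpath
from urllib.parse import urlsplit

# Indicators as listed in the description above.
DOWNLOAD_HOST = "realpetropoulos.gr"
PAYLOAD_NAME = "dire_expless_263.jpg"
DROPPED_DLLS = {"dll.dll", "d_novo_dll.dll"}
# Default System folder locations named in the note; the real location varies.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\winnt\system32"}

def check_url(url):
    """Return indicator hits for one requested URL (scheme optional)."""
    if "://" not in url.split("?", 1)[0]:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    hits = []
    # Exact host or a subdomain only, so look-alike names do not match.
    if host == DOWNLOAD_HOST or host.endswith("." + DOWNLOAD_HOST):
        hits.append("host")
    if posixpath.basename(parts.path).lower() == PAYLOAD_NAME:
        hits.append("payload_name")
    return hits

def check_path(path):
    """True if path is one of the dropped DLL names inside a System folder."""
    folder, name = ntpath.split(ntpath.normpath(path).lower())
    return folder in SYSTEM_DIRS and name in DROPPED_DLLS

def sweep_proxy(lines):
    """Parse 'timestamp client url' lines; return (client, url, hits) matches."""
    found = []
    for line in lines:
        _, client, url = line.split(None, 2)
        hits = check_url(url.strip())
        if hits:
            found.append((client, url.strip(), hits))
    return found

# Constructed sample data (log format, clients and URL paths are made up).
PROXY_LOG = [
    "2012-02-15T09:14:02 10.0.0.21 http://realpetropoulos.gr/dire_expless_263.jpg",
    "2012-02-15T09:20:41 10.0.0.34 http://notrealpetropoulos.gr.example.com/",
    "2012-02-15T09:31:10 10.0.0.40 WWW.REALPETROPOULOS.GR.:80/images/",
    "2012-02-15T09:40:55 10.0.0.52 http://mirror.example.net/i/DIRE_EXPLESS_263.JPG",
]

if __name__ == "__main__":
    for client, url, hits in sweep_proxy(PROXY_LOG):
        print(client, url, hits)
```

A file name of dll.dll on its own is a weak signal, so check_path only reports it when it sits directly in a System folder.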