TrojanDownloader:Win32/Plingky.B
First posted on 09 August 2011.
Source: SecurityHome
Aliases:
There are no other names known for TrojanDownloader:Win32/Plingky.B.
Explanation:
TrojanDownloader:Win32/Plingky.B is a trojan that downloads and executes applications from certain domains. The domains and applications are specified in a configuration file.
Installation
TrojanDownloader:Win32/Plingky.B is dropped along with the following configuration file:
- %Temp%\install_config.tmp
It also creates the following registry entries:
In subkey: HKCU\Software\Microsoft\Direct3D\MostRecentApplication
Sets value: "Name"
With data: "<malware name>"
In subkey: HKLM\SOFTWARE\Macromedia
Sets value: "uid"
With data: "0"
Payload
Downloads other files
TrojanDownloader:Win32/Plingky.B reads the contents of the configuration file dropped with it. This file contains a list of domains to connect to and files to download from them. The downloaded files may be detected as other malware.
In the wild, TrojanDownloader:Win32/Plingky.B has been known to connect to the following domains:
- tc.<removed>mh.com
- bofanggi.<removed>g.cn
- ku<removed>zip.com
- tuidl.0<removed>m.com
- neirong.fun<removed>ion.com
The files it has been known to download may have the following names:
- jm_setup_qvod.exe
- 360mohesetup.exe
- KuaiZip_setup_10034.exe
- 9158chat_sp3.exe
- FunshionInstall.exe
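A host-triage check built from the artifacts listed above, as an added example that is not part of the original write-up: it parses a .reg export and a file listing and scores them against the registry values, the dropped configuration file and the download names given here. The sample inputs are constructed, and the weighting that treats the Direct3D MostRecentApplication\Name value as weak on its own is my own assumption, since ordinary Direct3D programs also write that value.

```python
import re
from pathlib import PureWindowsPath
# Host artifacts from the write-up above (domains omitted: the page gives them only in <removed> form).
DROPPED_CONFIG = "install_config.tmp"  # dropped under %Temp%
DOWNLOADED_NAMES = {"jm_setup_qvod.exe", "360mohesetup.exe", "kuaizip_setup_10034.exe",  # lower-cased
                    "9158chat_sp3.exe", "funshioninstall.exe"}
# (key, value name, expected data or None for any data, weight). Assumption: Direct3D's
# MostRecentApplication\Name is also written by ordinary Direct3D programs, so it is weighted low.
REG_INDICATORS = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia", "uid", "0", 2),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication", "Name", None, 1),
]
_VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # "name"="data" lines of a .reg export

def parse_reg_export(text):
    """String values of a .reg export as {(key, name): data}; key and name lower-cased."""
    values, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := _VAL_RE.match(line)):
            values[(key, m.group(1).lower())] = m.group(2)
    return values

def triage(reg_text, file_paths):
    """Score one host against the indicators; returns (score, list of matches)."""
    values, findings, score = parse_reg_export(reg_text), [], 0
    for key, name, expected, weight in REG_INDICATORS:
        data = values.get((key.lower(), name.lower()))
        if data is not None and (expected is None or data == expected):
            findings.append(f"registry {key}\\{name} = {data!r}")
            score += weight
    for path in file_paths:
        name = PureWindowsPath(path).name.lower()
        if name == DROPPED_CONFIG:
            findings.append(f"dropped config {path}")
            score += 2
        elif name in DOWNLOADED_NAMES:
            findings.append(f"known download name {path}")
            score += 1
    return score, findings
def verdict(score):
    return "likely Plingky.B" if score >= 3 else "inconclusive"  # one weak hit alone stays inconclusive
# Constructed sample: a .reg export fragment and a file listing from the same host.
SAMPLE_REG = r"""[HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication]
"Name"="setup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Macromedia]
"uid"="0"
"""
SAMPLE_FILES = [r"C:\Users\u\AppData\Local\Temp\install_config.tmp", r"C:\Users\u\Downloads\KuaiZip_setup_10034.exe"]
```

Running `triage(SAMPLE_REG, SAMPLE_FILES)` on the constructed sample matches all four artifacts, while a host showing only the Direct3D value stays inconclusive.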
Analysis by Stefan Sellmer
Last update 09 August 2011