
TrojanDownloader:Win32/Obitel


First posted on 01 May 2009.
Source: SecurityHome

Aliases :

There are no other names known for TrojanDownloader:Win32/Obitel.

Explanation :

TrojanDownloader:Win32/Obitel is a detection for a component dropped by TrojanDownloader:Win32/Obitel.gen!A - a trojan that downloads and executes arbitrary files. This may include additional malware.

Symptoms
System Changes
The following system changes may indicate the presence of this malware:

  • The presence of the following files:
    <system folder>\stus.exe
    <system folder>\userinit.exe



    Installation
    TrojanDownloader:Win32/Obitel is dropped by TrojanDownloader:Win32/Obitel.gen!A with a variable file name to the %Temp% folder; for example in1.tmp, in2.tmp, or ina.tmp.

    Payload
    Downloads and Executes Arbitrary Files
    The file detected as TrojanDownloader:Win32/Obitel contains a hard-coded list of URLs for the main downloading component, TrojanDownloader:Win32/Obitel.gen!A, to download and execute files from. These files may include additional malware. In the wild, Win32/Obitel has been observed contacting the following domains for this purpose:
  • auf-jeder.com
  • zarazza.cn
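
The indicators above (the two domains, the %Temp% drop names and stus.exe) expressed as a check over endpoint and proxy events, as an added example that is not part of the original write-up. The "time host kind value" event format, the in?.tmp pattern and the system32 path are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Domains this page lists as contacted by Win32/Obitel.
OBITEL_DOMAINS = ("auf-jeder.com", "zarazza.cn")
# Assumption: dropped names look like the page's examples (in1.tmp, ina.tmp).
TEMP_DROP = re.compile(r"\\temp\\in[0-9a-z]\.tmp$", re.IGNORECASE)
# Assumption: <system folder> resolves to ...\system32. userinit.exe is left
# out: a file of that name is a standard Windows component in that folder.
SYSTEM_FILE = re.compile(r"\\system32\\stus\.exe$", re.IGNORECASE)

def host_of(value):
    """Lowercase hostname from a URL or a bare host[:port] string."""
    if "://" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").rstrip(".")

def is_obitel_domain(host):
    """Match a listed domain or its subdomains, never a look-alike."""
    return any(host == d or host.endswith("." + d) for d in OBITEL_DOMAINS)

def scan(lines):
    """Return (line_number, reason) for each event matching an indicator."""
    hits = []
    for number, line in enumerate(lines, 1):
        parts = line.strip().split(None, 3)   # time, host, kind, value
        if len(parts) != 4:
            continue
        kind, value = parts[2], parts[3]
        if kind == "NET" and is_obitel_domain(host_of(value)):
            hits.append((number, "domain"))
        elif kind == "FILE" and TEMP_DROP.search(value):
            hits.append((number, "temp-drop"))
        elif kind == "FILE" and SYSTEM_FILE.search(value):
            hits.append((number, "system-file"))
    return hits

# Constructed sample events (hypothetical log format, not real telemetry).
SAMPLE = [
    r"2009-05-01T09:00:01 ws01 NET http://zarazza.cn/",
    r"2009-05-01T09:00:02 ws01 NET www.auf-jeder.com:80",
    r"2009-05-01T09:00:03 ws02 NET http://zarazza.cn.example.net/",
    r"2009-05-01T09:00:04 ws02 NET notzarazza.cn",
    r"2009-05-01T09:00:05 ws01 FILE C:\Documents and Settings\u\Local Settings\Temp\in1.tmp",
    r"2009-05-01T09:00:06 ws03 FILE C:\WINDOWS\Temp\install.tmp",
    r"2009-05-01T09:00:07 ws01 FILE C:\WINDOWS\system32\stus.exe",
]
```

Lines 3, 4 and 6 of the sample are look-alikes that a plain substring search would flag; the suffix and anchored-pattern checks leave them out.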


  • Analysis by Hong Jia

    Last update 01 May 2009

     
