SecurityHome.eu TrojanDownloader:Win32/Zawwi.A

Home / malware PDF

TrojanDownloader:Win32/Zawwi.A

First posted on 12 October 2015.
Source: Microsoft
Aliases :
There are no other names known for TrojanDownloader:Win32/Zawwi.A.
Explanation :
Threat behavior

Installation
This threat can create files on your PC, including:

%TEMP%\ytmp\t14835.bat

%TEMP%\ytmp\t14888.exe

Payload

Downloads malware or unwanted software

This threat can download other malware and unwanted software onto your PC, including VirTool:MSIL/Injector.GR.

We have seen it connect to the following remote host:

89.45..200

The downloaded file is saved and run from %TEMP%/lol.exe.

This malware description was published using automated analysis of file SHA1 8a4148ca107d60e0f430004b599b2ce1f94717ee.

Symptoms

The following can indicate that you have this threat on your PC:

You see a file similar to:
%TEMP%\ytmp\t14835.bat
%TEMP%\ytmp\t14888.exe

Last update 12 October 2015

TOP

Malware :

Backdoor.WinCE.Brador.A
WinCE.Dust.A
Backdoor:WinCE/PhoneCreeper.A
Dialer:WinCE/Terdial.A
Trojan:WinCE/Terdial

Last 20

Family:

TrojanDownloader:Win32/Zawwi.A