
Trojan:Win32/Waltrodock.A


First posted on 05 May 2012.
Source: Microsoft

Aliases:

Trojan:Win32/Waltrodock.A is also known as Darkwalt.b (McAfee), Downloader.a!b2o (McAfee), Mal/WDock-A (Sophos), Downloader.Darkmegi (Symantec), TROJ_DLOAD.QYUA (Trend Micro).

Explanation:

Trojan:Win32/Waltrodock.A is a trojan that attempts to download other malware from a remote website named "file.tellmegirl.com".

Installation
Trojan:Win32/Waltrodock.A is installed by TrojanDropper:Win32/Waltrodock.A and is present alongside other malware components as the following files:

  • %systemroot%\System32\com32.dll - Trojan:Win32/Waltrodock.A
  • %systemroot%\System32\drivers\com32.sys - Trojan:WinNT/Waltrodock.A
If "Internet Explorer" (iexplore.exe) is launched, Trojan:Win32/Waltrodock.A is injected into the process by Trojan:WinNT/Waltrodock.A.

Payload

Downloads other malware

Trojan:Win32/Waltrodock.A attempts to download a file named "20120120.exe" from the domain "tellmegirl.com". At the time of this writing, the file is detected as Backdoor:Win32/Eayla.A. The trojan also attempts to download a configuration file named "VersionKey.ini" into the Windows system folder, from the same domain.
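A small triage script, added here as an example and not part of the Microsoft write-up, that checks constructed proxy-log lines and file paths against the indicators described above (the domain, the two downloaded file names and the two dropped component paths); the proxy-log format is an assumption.

```python
import re

# Indicators taken from the write-up above: the download domain, the two file
# names fetched from it, and the two dropped component paths.
WALTRODOCK_DOMAINS = {"tellmegirl.com", "file.tellmegirl.com"}
WALTRODOCK_FILES = {"20120120.exe", "versionkey.ini"}
WALTRODOCK_PATHS = (r"\system32\com32.dll", r"\system32\drivers\com32.sys")

# Hypothetical proxy-log format: "<timestamp> <client_ip> <process> <method> <url>"
PROXY_RE = re.compile(r"^(\S+) (\S+) (\S+) (GET|POST) (\S+)$")


def check_proxy_line(line):
    """Return a finding string if the record matches the download behaviour, else None."""
    m = PROXY_RE.match(line.strip())
    if not m:
        return None
    ts, client, process, _method, url = m.groups()
    host = url.split("://", 1)[-1].split("/", 1)[0].lower()
    filename = url.rsplit("/", 1)[-1].lower()
    if host not in WALTRODOCK_DOMAINS and not host.endswith(".tellmegirl.com"):
        return None
    # A request for one of the named files is a stronger signal than a bare domain contact.
    severity = "high" if filename in WALTRODOCK_FILES else "medium"
    return f"{ts} {client} {process}: {severity} - contact with {host} for {filename or '/'}"


def check_file_path(path):
    """Return True if a file path matches one of the dropped component locations."""
    p = path.lower().replace("/", "\\")
    return any(p.endswith(suffix) for suffix in WALTRODOCK_PATHS)


def scan(lines):
    """Run check_proxy_line over a list of log lines and collect the findings."""
    return [f for f in (check_proxy_line(l) for l in lines) if f]


# Constructed sample log: two indicator hits from an injected iexplore.exe, one benign request.
SAMPLE_LOG = [
    "2012-05-05T10:01:02Z 10.0.0.12 iexplore.exe GET http://file.tellmegirl.com/20120120.exe",
    "2012-05-05T10:01:03Z 10.0.0.12 iexplore.exe GET http://file.tellmegirl.com/VersionKey.ini",
    "2012-05-05T10:01:04Z 10.0.0.12 iexplore.exe GET http://www.example.com/index.html",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print(check_file_path(r"C:\Windows\System32\com32.dll"))
```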

Analysis by Vincent Tiu

Last update 05 May 2012
