
Trojan.Clicker.Small.AD


First posted on 21 November 2011.
Source: BitDefender

Aliases:

There are no other names known for Trojan.Clicker.Small.AD.

Explanation:

Trojan.Clicker.Small.AD writes the file "sys32exploer.dll" to the Windows directory. This file is a user-mode trojan used to hide the malware process and its associated registry entries.
It creates a registry entry under "HKLM\SOFTWARE\92LWP2OM8G\92LWP2OM8G", which is used when retrieving further files from the internet.
It copies itself into the Windows directory under the name "service32.exe" and adds that file to startup.

The malware hijacks explorer.exe and connects to a site (IP 69.31.41.177) to get a file that contains an encrypted list of executable files available for additional download.

After downloading the list, it downloads the files listed in it one by one, executing each and then waiting 1 minute before moving on to the next file and repeating the process.

The trojan aims to download other malware.

Last update 21 November 2011

 
