Downloader.Pengdoloder
First posted on 31 March 2015.
Source: Symantec
Aliases:
There are no other names known for Downloader.Pengdoloder.
Explanation:
When the Trojan is executed, it connects to the following location to check the internet connection:
www.microsoft.com
The Trojan may connect to the following locations and download a configuration file:
[http://]update.konamidata.com/test/new/ql/td/inde[REMOVED]
[http://]update.konamidata.com/test/zcj/td/inde[REMOVED]
[http://]update.konamidata.com/test/new0314/zcj/td/inde[REMOVED]
The Trojan saves the downloaded configuration file in the following location:
%Temp%\index.dat
Note: The configuration file contains a list of server addresses.
The Trojan may download and execute potentially malicious files from each server listed in the configuration file.
Note: The Trojan saves the downloaded files in the following location before executing them:
%Temp%\index.dat
The Trojan deletes the following file:
%Temp%\index.dat
Last update 31 March 2015