TrojanDownloader:Win32/Unruy.O
First posted on 12 November 2010.
Source: SecurityHome
Aliases :
TrojanDownloader:Win32/Unruy.O is also known as BKDR_HUPIGON.TST (Trend Micro), Backdoor:Win32/PcClient.CM (Microsoft).
Explanation :
TrojanDownloader:Win32/Unruy.O is a trojan that connects to a specific website to download arbitrary files. In the wild, it is known to be distributed via an exploit discussed in Microsoft Security Advisory (2458511).
Installation

When run, it creates the following mutexes:

A37340FD-F043-41e3-9C16-2F2632387199
83D33F3A-9482-446f-ABFF-7B69D58C1634

It creates a list of the processes that are currently running on the computer. If a process's file is not in the Windows folder or its subfolders (%windir% and its subfolders), it creates a copy of the file, which it names using the original file name but without an extension. For example, it creates a copy of "foo.exe" as "foo". It sets the "hidden" attribute on the new file. It then replaces the original file with a copy of itself.

Payload

Downloads arbitrary files

TrojanDownloader:Win32/Unruy.O attempts to connect to various servers to download arbitrary files. One of the servers it is known to connect to is:

dns3-domain.com
Analysis by Andrei Florin Saygo
Last update 12 November 2010
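One way to check a host for the file-replacement behaviour described under Installation, added here as an example and not part of the original analysis: it walks a directory tree, skips the Windows folder, and reports .exe files that sit beside a hidden, extension-less file of the same base name, grouped by SHA-256 so that differently named executables with identical content stand out. The function names and the `is_hidden` hook are assumptions of this example; the default hook reads the Windows hidden attribute and reports nothing as hidden on other platforms.

```python
import hashlib
import os
import stat
from collections import defaultdict


def _is_hidden(path):
    # st_file_attributes exists only on Windows; elsewhere this is always False.
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_displaced_originals(root, windir=None, is_hidden=_is_hidden):
    """Return {sha256: [exe paths]} for every .exe that has a hidden,
    extension-less sibling with the same base name (foo.exe beside foo)."""
    windir = os.path.normcase(os.path.abspath(windir)) if windir else None
    hits = defaultdict(list)
    for dirpath, dirnames, filenames in os.walk(root):
        here = os.path.normcase(os.path.abspath(dirpath))
        if windir and (here == windir or here.startswith(windir + os.sep)):
            dirnames[:] = []  # files under %windir% are not replaced
            continue
        names = set(filenames)
        for name in filenames:
            base, ext = os.path.splitext(name)
            if ext.lower() != ".exe" or base not in names:
                continue
            sibling = os.path.join(dirpath, base)
            if is_hidden(sibling):
                exe = os.path.join(dirpath, name)
                hits[_sha256(exe)].append(exe)
    return dict(hits)


def suspicious_groups(hits, min_count=2):
    """Keep hashes shared by several differently located executables:
    each original was replaced by the same file."""
    return {h: sorted(p) for h, p in hits.items() if len(p) >= min_count}
```

A single hit can be a coincidence; several executables sharing one hash, each with a hidden extension-less sibling, matches the replacement pattern and the siblings are the displaced originals.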