Home / malware TrojanDownloader:Win32/Phrovon.A
First posted on 31 July 2010.
Source: SecurityHomeAliases :
TrojanDownloader:Win32/Phrovon.A is also known as Trojan-Downloader.Win32.Agent.dnho (Kaspersky).
Explanation :
TrojanDownloader:Win32/Phrovon.A is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer.
Top
TrojanDownloader:Win32/Phrovon.A is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer. Installation TrojanDownloader:Win32/Phrovon.A creates the following files on an affected computer:
c:\documents and settings\administrator\local settings\temp\aunzip32.dll c:\documents and settings\administrator\local settings\temp\aut.bat c:\documents and settings\administrator\local settings\temp\azip32.dll c:\documents and settings\administrator\local settings\temp\geral.bat c:\documents and settings\administrator\local settings\temp\ki.exe c:\documents and settings\administrator\local settings\temp\msseces.exe c:\documents and settings\administrator\local settings\temp\uac.bat Payload Contacts remote hosts TrojanDownloader:Win32/Phrovon.A may contact the following remote hosts using port 80:
aquirecosmeticos.com.br www.aquirecosmeticos.com.br
Commonly, malware may contact a remote host for the following purposes:
- To confirm Internet connectivity
- To report a new infection to its author
- To receive configuration or other data
- To download and execute arbitrary files (including updates or additional malware)
- To receive instruction from a remote attacker
- To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 47a3009cb218d4a0c1e2c0c225850cb07109bfa4.Last update 31 July 2010
