SecurityHome.eu Trojan:Win32/Cudofows.A

Home / malware PDF

Trojan:Win32/Cudofows.A

First posted on 02 June 2014.
Source: Microsoft
Aliases :
There are no other names known for Trojan:Win32/Cudofows.A.
Explanation :
Threat behavior

Installation

Trojan:Win32/Cudofows.A creates the following files on your PC:

c:\documents and settings\administrator\dbgeng.dll - detected as Trojan:Win32/Cudofows.A

c:\documents and settings\administrator\rundll32.exe

c:\documents and settings\administrator\set.ini

c:\documents and settings\administrator\local settings\application data\microsoft\internet explorer\recovery\active\{1077576d-c0f0-11e3-8379-00db7fa2100e}.dat

c:\documents and settings\administrator\local settings\application data\microsoft\internet explorer\recovery\active\recoverystore.{f4892b16-c0ef-11e3-8379-00db7fa2100e}.dat

c:\documents and settings\administrator\local settings\temp\~df12fb.tmp

c:\documents and settings\administrator\local settings\temp\~dfce66.tmp

c:\documents and settings\administrator\local settings\temp\iacup.dat

c:\documents and settings\administrator\local settings\temp\losivp.tmp

c:\documents and settings\administrator\local settings\temp\wg.dat

c:\documents and settings\administrator\local settings\temp\ixp000.tmp\dbgeng.dll - detected as Trojan:Win32/Cudofows.A

c:\documents and settings\administrator\local settings\temp\ixp000.tmp\rundll32.exe

c:\documents and settings\administrator\local settings\temp\ixp000.tmp\set.ini

Payload

Contacts remote host

Trojan:Win32/Cudofows.A might contact a remote host at 23.239.3.122 using port 80. Commonly, malware does this to:

Report a new infection to its author

Receive configuration or other data

Download and run files, including updates or other malware

Receive instructions from a remote hacker

Upload data taken from your PC

This malware description was produced and published using automated analysis of file SHA1 59d40b3d0e17736dfd48abcdebc7a2606b6dc150.Symptoms

System changes

The following could indicate that you have this threat on your PC:

You have these files:

c:\documents and settings\administrator\dbgeng.dll
c:\documents and settings\administrator\rundll32.exe
c:\documents and settings\administrator\set.ini
c:\documents and settings\administrator\local settings\application data\microsoft\internet explorer\recovery\active\{1077576d-c0f0-11e3-8379-00db7fa2100e}.dat
c:\documents and settings\administrator\local settings\application data\microsoft\internet explorer\recovery\active\recoverystore.{f4892b16-c0ef-11e3-8379-00db7fa2100e}.dat
c:\documents and settings\administrator\local settings\temp\~df12fb.tmp
c:\documents and settings\administrator\local settings\temp\~dfce66.tmp
c:\documents and settings\administrator\local settings\temp\iacup.dat
c:\documents and settings\administrator\local settings\temp\losivp.tmp
c:\documents and settings\administrator\local settings\temp\wg.dat
c:\documents and settings\administrator\local settings\temp\ixp000.tmp\dbgeng.dll
c:\documents and settings\administrator\local settings\temp\ixp000.tmp\rundll32.exe
c:\documents and settings\administrator\local settings\temp\ixp000.tmp\set.ini

Last update 02 June 2014

TOP

Malware :

Last 20

Family:

Trojan:Win32/Cudofows.A