SecurityHome.eu Infostealer.Rezbau

Home / malware PDF

Infostealer.Rezbau

First posted on 21 February 2014.
Source: Symantec
Aliases :
There are no other names known for Infostealer.Rezbau.
Explanation :
The Trojan is spread through spam emails.

When the Trojan is executed, it copies itself to the following location:
%UserProfile%\Startup\[THREAT FILE NAME].exe

Note: [THREAT FILE NAME] may be any of the following legitimate file names:
CyCpIo.exeCyHidWin.exelauncher.exe
The Trojan gathers the following information from the compromised computer:
CPU informationHost nameInstalled programsOperating system informationStartup informationTimezoneUser nameScreenshots

The Trojan may then send the gathered information to the following remote locations:
46.166.162.14746.4.69.25
Last update 21 February 2014

TOP

Malware :

Backdoor.WinCE.Brador.A
WinCE.Dust.A
Backdoor:WinCE/PhoneCreeper.A
Dialer:WinCE/Terdial.A
Trojan:WinCE/Terdial

Last 20

Family:

Infostealer.Jackpos
Infostealer.Steamilik
Infostealer.Ragua
Infostealer.Dyranges
Infostealer.Nuknuken
Infostealer.Decebal
Infostealer.Kwerti!g1
Infostealer.Steem
Infostealer.Retgate
Infostealer.Napolar!g1