
TrojanDownloader:Win32/Small.AIP


First posted on 27 February 2012.
Source: Microsoft

Aliases :

There are no other names known for TrojanDownloader:Win32/Small.AIP.

Explanation :

TrojanDownloader:Win32/Small.AIP is a trojan that downloads additional files onto the compromised computer.





Installation

TrojanDownloader:Win32/Small.AIP has been observed using the file name "dlhost.exe". It does not install itself on the computer in any way.



Payload

Downloads and executes arbitrary files

The trojan attempts to connect to a particular IP address in order to download and execute a file on the computer. It has been observed contacting the following IP addresses:

  • 205.159.83.91
  • 209.233.16.84
  • 210.105.192.223


When TrojanDownloader:Win32/Small.AIP establishes a connection to one of these IP addresses, it downloads a file, saves it as %TEMP%\iniet.exe, and executes it.
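The following triage sketch is an added example, not part of the original Microsoft write-up. It checks host telemetry for the file name, remote IP addresses and %TEMP% payload path described above. The event layout (host, type, image, target, dest_ip), the function names and the sample events are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Indicators taken from the description above.
DOWNLOADER_NAME = "dlhost.exe"
PAYLOAD_NAME = "iniet.exe"
REMOTE_IPS = {"205.159.83.91", "209.233.16.84", "210.105.192.223"}

def _base(path):
    return ntpath.basename(path or "").lower()

def _in_temp(path):
    # %TEMP% expands per user, so match the directory name instead of a
    # fixed prefix. Heuristic: assumes the directory is literally "Temp".
    return ntpath.basename(ntpath.dirname(path or "")).lower() == "temp"

def classify(event):
    """Return the set of indicator labels a single event matches."""
    hits = set()
    # Exact match, so the legitimate Windows dllhost.exe is not flagged.
    if _base(event.get("image")) == DOWNLOADER_NAME:
        hits.add("downloader_name")
    if event.get("type") == "net" and event.get("dest_ip") in REMOTE_IPS:
        hits.add("remote_ip")
    # File events carry the written path in "target"; others use "image".
    path = event.get("target") if event.get("type") == "file" else event.get("image")
    if _base(path) == PAYLOAD_NAME and _in_temp(path):
        hits.add("temp_payload")
    return hits

def triage(events):
    """Group hits per host; 'high' when a listed IP and the dropped file coincide."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= classify(ev)
    return {h: ("high" if {"remote_ip", "temp_payload"} <= s else "review", sorted(s))
            for h, s in per_host.items() if s}

# Constructed sample events (not real telemetry).
SAMPLE = [
    {"host": "ws1", "type": "net", "image": r"C:\Users\a\Desktop\dlhost.exe", "dest_ip": "209.233.16.84"},
    {"host": "ws1", "type": "file", "image": r"C:\Users\a\Desktop\dlhost.exe",
     "target": r"C:\Users\a\AppData\Local\Temp\iniet.exe"},
    {"host": "ws1", "type": "proc", "image": r"C:\Users\a\AppData\Local\Temp\iniet.exe"},
    {"host": "ws2", "type": "proc", "image": r"C:\Windows\System32\dllhost.exe"},
    {"host": "ws3", "type": "net", "image": r"C:\Program Files\app\sync.exe", "dest_ip": "210.105.192.223"},
]

if __name__ == "__main__":
    for host, (level, hits) in triage(SAMPLE).items():
        print(host, level, hits)
```

A single indicator on its own is reported as "review" because the file names and the 2012-era IP addresses can each appear for unrelated reasons.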



Analysis by Amir Fouda

Last update 27 February 2012

 
