Trojan:Win32/Collti.A
First posted on 14 September 2012.
Source: Microsoft
Aliases:
Trojan:Win32/Collti.A is also known as Trojan-Spy.Win32.Kaidos.g (Kaspersky), TrojanSpy.Kaidos!oXFSUrNZJjk (VirusBuster), TR/Collti.A.5 (Avira), Gen:Variant.Graftor.40190 (BitDefender), Trojan-Spy.Win32.Kaidos (Ikarus).
Explanation:
Trojan:Win32/Collti.A is a DLL file that can be used as a component for other malware.
Installation
Trojan:Win32/Collti.A is a file that can be bundled with other malware and act as one of its components. It may have the file name "CollecterLib_Win32.dll".
Payload
Steals information about your computer
Trojan:Win32/Collti.A can collect the following information and send it to the remote server "xiaochencc.com" or "sdo.com":
- Application ID
- Browsing history
- Channel
- Computer name
- CPU ID
- CPU name
- Current date and time
- Device ID
- Hard Disk ID
- IP address
- MAC address
- Mainboard code
- Mainboard name
- Operating system version
- Registry keys
- Running processes
- SDK version
- Session ID
- User name
- Windows Security Identifier (SID)
Disables security applications
Trojan:Win32/Collti.A disables the security application "360SE" if you have it installed on your computer.
Analysis by Marianne Mallen
Last update 14 September 2012