Win32/Indiloadz [Threat Name]

Win32/Indiloadz.C [Threat Variant Name]

Category trojan
Size 6720007 B
Detection created Dec 03, 2016
Detection database version 14547
Short description

Win32/Indiloadz.C is a trojan designed to deliver various adware/potentially unwanted applications to the user's system. The trojan can interfere with the operation of certain applications.

Installation

When executed, the trojan creates the following files:

  • %temp%\_ir_sf_temp_%variable%\irsetup.exe (1388544 B)
  • %temp%\_ir_sf_temp_%variable%\lua5.1.dll (329944 B)
  • %temp%\_ir_sf_temp_%variable%\irsetup.dat (134383 B)
  • %temp%\_ir_sf_temp_%variable%\IRIMG1.JPG (2362 B)
  • %temp%\_ir_sf_temp_%variable%\IRIMG2.JPG (29054 B)
  • %temp%\_ir_sf_temp_%variable%\dxdiag.enc (20488 B)
  • %temp%\_ir_sf_temp_%variable%\cubecc.enc (24608 B)
  • %temp%\_ir_sf_temp_%variable%\EE.enc (1171976 B)
  • %temp%\_ir_sf_temp_%variable%\wait.enc (12296 B)
  • %temp%\_ir_sf_temp_%variable%\windows.enc (4428904 B)
  • %temp%\dxdiag.exe (20480 B, Win32/Indiloadz.C)
  • %temp%\CodecFixDivx.exe (1171968 B, Win32/IStartSurf.BF)
  • %temp%\wait.exe (12288 B, Win32/Indiloadz.C)
  • %temp%\cubecc.exe (24606 B, Win32/Indiloadz.C)
  • %temp%\windows.exe (4428896 B, Win32/Kryptik.FKYV)

A string with variable content is used instead of %variable%.

The trojan executes the following files:

  • %temp%\_ir_sf_temp_%variable%\irsetup.exe "_IRAOFF:1790722" "__IRAFN:%malwarefilepath%" "__IRCT:0" "__IRTSS:0" "__IRSID:%usersid%"
  • %temp%\dxdiag.exe (20480 B, Win32/Indiloadz.C)
  • %temp%\CodecFixDivx.exe (1171968 B, Win32/IStartSurf.BF)
  • %temp%\wait.exe (12288 B, Win32/Indiloadz.C)
  • %temp%\windows.exe (4428896 B, Win32/Kryptik.FKYV)
  • %temp%\cubecc.exe (24606 B, Win32/Indiloadz.C)

The trojan then deletes the following files:

  • %temp%\_ir_sf_temp_%variable%\irsetup.exe
  • %temp%\_ir_sf_temp_%variable%\lua5.1.dll
  • %temp%\_ir_sf_temp_%variable%\IRIMG1.JPG
  • %temp%\_ir_sf_temp_%variable%\IRIMG2.JPG
  • %temp%\_ir_sf_temp_%variable%\EE.enc

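
The drop, execute and clean-up sequence above can be turned into hunting logic. The following is an added example written for this page, not ESET's code and not the trojan's: it matches Sysmon-style file-creation and process-creation events against the file names, sizes and irsetup.exe command line listed here. The event field names (event_id, target_filename, file_size, image, command_line) and the assumption that %temp% expands to a path ending in \Temp are mine, and the sample events are constructed, not real telemetry.

```python
import re

# File IOCs transcribed from the page: basename -> (size in bytes, detection name).
TEMP_DROPS = {
    "dxdiag.exe": (20480, "Win32/Indiloadz.C"),
    "codecfixdivx.exe": (1171968, "Win32/IStartSurf.BF"),
    "wait.exe": (12288, "Win32/Indiloadz.C"),
    "cubecc.exe": (24606, "Win32/Indiloadz.C"),
    "windows.exe": (4428896, "Win32/Kryptik.FKYV"),
}
# Staging files written to %temp%\_ir_sf_temp_%variable%\ (sizes from the page).
STAGING_FILES = {
    "irsetup.exe": 1388544, "lua5.1.dll": 329944, "irsetup.dat": 134383,
    "irimg1.jpg": 2362, "irimg2.jpg": 29054, "dxdiag.enc": 20488,
    "cubecc.enc": 24608, "ee.enc": 1171976, "wait.enc": 12296,
    "windows.enc": 4428904,
}

# %variable% is arbitrary, so only the fixed prefix of the directory name is matched.
STAGING_RE = re.compile(r"\\_ir_sf_temp_[^\\]+\\([^\\]+)$", re.IGNORECASE)
# Assumption: %temp% expands to a path whose last component is "Temp" (the Windows default).
TEMP_RE = re.compile(r"\\Temp\\([^\\]+)$", re.IGNORECASE)
# The irsetup.exe switches from the page. The underscore count before IRAOFF is matched
# loosely because the page shows one underscore there and two on the other switches.
IRSETUP_ARGS_RE = re.compile(
    r'irsetup\.exe"?\s+"_{1,2}IRAOFF:\d+"\s+"__IRAFN:[^"]*"\s+"__IRCT:\d+"'
    r'\s+"__IRTSS:\d+"\s+"__IRSID:S-1-5-[\d-]+"',
    re.IGNORECASE,
)


def classify_file(path, size):
    """Return (stage, basename, detection, size_ok) for a created file, or None.

    stage is "staging" for the _ir_sf_temp_ directory and "drop" for the
    executables written directly to %temp%. size_ok is False when the name
    matches but the size does not; treat that as a weaker, name-only hit.
    """
    m = STAGING_RE.search(path)
    if m:
        name = m.group(1).lower()
        if name in STAGING_FILES:
            return ("staging", name, None, size == STAGING_FILES[name])
        return None
    m = TEMP_RE.search(path)
    if m:
        name = m.group(1).lower()
        if name in TEMP_DROPS:
            expected, detection = TEMP_DROPS[name]
            return ("drop", name, detection, size == expected)
    return None


def classify_process(image, command_line):
    """Label a process-creation event that belongs to the chain, or return None.

    Only executables under %temp% are flagged, so a legitimate dxdiag.exe in
    System32 does not match; the page lists the copy in %temp%.
    """
    if IRSETUP_ARGS_RE.search(command_line):
        return "irsetup-launch"
    m = TEMP_RE.search(image)
    if m and m.group(1).lower() in TEMP_DROPS:
        return "dropped-exe-exec"
    return None


def hunt(events):
    """Walk Sysmon-style events (event_id 11 = FileCreate, 1 = ProcessCreate)
    and return the findings in event order. Field names are assumed."""
    findings = []
    for e in events:
        if e["event_id"] == 11:
            hit = classify_file(e["target_filename"], e.get("file_size", -1))
            if hit:
                stage, name, detection, size_ok = hit
                findings.append({"type": stage, "name": name,
                                 "detection": detection, "size_ok": size_ok})
        elif e["event_id"] == 1:
            label = classify_process(e["image"], e["command_line"])
            if label:
                findings.append({"type": label, "name": e["image"].rsplit("\\", 1)[-1].lower(),
                                 "detection": None, "size_ok": None})
    return findings


# Constructed sample events (not real telemetry).
T = r"C:\Users\bob\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"event_id": 11, "target_filename": T + r"\_ir_sf_temp_0\irsetup.exe", "file_size": 1388544},
    {"event_id": 1, "image": T + r"\_ir_sf_temp_0\irsetup.exe",
     "command_line": '"' + T + r'\_ir_sf_temp_0\irsetup.exe" "_IRAOFF:1790722" '
                     r'"__IRAFN:C:\Users\bob\Downloads\setup.exe" "__IRCT:0" "__IRTSS:0" '
                     r'"__IRSID:S-1-5-21-1-2-3-1001"'},
    {"event_id": 11, "target_filename": T + r"\windows.exe", "file_size": 4428896},
    {"event_id": 11, "target_filename": T + r"\cubecc.exe", "file_size": 24606},
    {"event_id": 11, "target_filename": T + r"\wait.exe", "file_size": 99},  # name hit, wrong size
    {"event_id": 1, "image": T + r"\windows.exe", "command_line": '"' + T + r'\windows.exe"'},
    {"event_id": 11, "target_filename": T + r"\report.pdf", "file_size": 1000},  # benign
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

The size check matters because the executables reuse ordinary-looking names (dxdiag.exe, windows.exe); a name match with the wrong size is reported with size_ok set to False so an analyst can triage it separately rather than drop it. Note also that the page lists only irsetup.exe, lua5.1.dll, the two JPGs and EE.enc as deleted afterwards, so the remaining staging files and the executables in %temp% are the artifacts most likely to still be on disk when a host is examined.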
Other information

The trojan alters the behavior of the following processes:

  • %temp%\CodecFixDivx.exe
  • %temp%\windows.exe

It can execute the following operations:

  • simulate user's input (clicks, taps)
