Win32/TrojanDownloader.Elenoocka [Threat Name]

Win32/TrojanDownloader.Elenoocka.A [Threat Variant Name]

Category trojan
Size 102912 B
Detection created May 06, 2014
Signature database version 10022
Aliases Trojan.Win32.Yakes.eobz (Kaspersky)
  Troj/Agent-AGYH (Sophos)
  TrojanDownloader:Win32/Upatre.Z (Microsoft)

Short description

Win32/TrojanDownloader.Elenoocka.A is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.


The following files are dropped into the %temp% folder:

  • termp_cab_%variable%.cab (2785 B)
  • %malwarefilename%.doc (8661 B)

The trojan executes the following files:

  • %temp%\%malwarefilename%.doc

The following text is displayed: $_text$

The trojan creates and runs a new thread with its own program code within the following processes:

  • %malwarefilepath%

Other information

The trojan contains a list of 6 URLs. It tries to download several files from these addresses.


These are stored in the following locations:

  • %currentfolder%\update_%variable%.exe

The files are then executed. The HTTP protocol is used.


A string with variable content is used instead of %variable%.


The trojan checks for Internet connectivity by trying to connect to the following addresses:

  • windowsupdate.microsoft.com
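
A detection sketch for the file activity described above, added here as an example and not part of the original description: it groups file-creation events by the creating process and flags a process that shows two or more of the described behaviours. The event fields (image, target), the sample events, and the readings of %temp%, %malwarefilename% and %currentfolder% noted in the comments are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# File-name patterns from the description; %variable% is a string with variable content.
CAB_RE = re.compile(r"^termp_cab_.+\.cab$", re.IGNORECASE)
PAYLOAD_RE = re.compile(r"^update_.+\.exe$", re.IGNORECASE)

def in_temp(path):
    # Assumption: %temp% resolves to a directory named "Temp".
    return ntpath.basename(ntpath.dirname(path)).lower() == "temp"

def indicators(events):
    """Map each creating process image to the set of described behaviours it showed."""
    hits = defaultdict(set)
    for ev in events:
        image, target = ev["image"], ev["target"]
        name = ntpath.basename(target).lower()
        exe = ntpath.basename(image).lower()
        # Assumption: %malwarefilename% is the sample's file name, with or without extension.
        decoys = {exe + ".doc", ntpath.splitext(exe)[0] + ".doc"}
        if in_temp(target) and CAB_RE.match(name):
            hits[image].add("cab_in_temp")
        if in_temp(target) and name in decoys:
            hits[image].add("decoy_doc_in_temp")
        # Assumption: %currentfolder% is the folder the sample was started from.
        same_dir = ntpath.dirname(target).lower() == ntpath.dirname(image).lower()
        if same_dir and PAYLOAD_RE.match(name):
            hits[image].add("update_exe_beside_sample")
    return dict(hits)

def suspicious(events, threshold=2):
    """Images showing at least `threshold` distinct behaviours; one alone is weak."""
    return sorted(i for i, h in indicators(events).items() if len(h) >= threshold)

# Constructed file-creation events (not taken from any real host or from the page).
TEMP = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"image": r"C:\Users\alice\Downloads\invoice.exe", "target": TEMP + r"\termp_cab_1a2b.cab"},
    {"image": r"C:\Users\alice\Downloads\invoice.exe", "target": TEMP + r"\invoice.doc"},
    {"image": r"C:\Users\alice\Downloads\invoice.exe", "target": r"C:\Users\alice\Downloads\update_1a2b.exe"},
    {"image": r"C:\Tools\updater.exe", "target": r"C:\Tools\update_helper.exe"},
    {"image": r"C:\Program Files\App\setup.exe", "target": TEMP + r"\setup.log"},
]

if __name__ == "__main__":
    for image in suspicious(SAMPLE_EVENTS):
        print(image, sorted(indicators(SAMPLE_EVENTS)[image]))
```

Requiring two behaviours keeps a legitimate updater that writes update_*.exe beside itself from being flagged on that name alone.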
