Win32/TrojanDownloader.Elenoocka [Threat Name] go to Threat
Win32/TrojanDownloader.Elenoocka.A [Threat Variant Name]
|Detection created||May 06, 2014|
|Signature database version||10022|
Win32/TrojanDownloader.Elenoocka.A is a trojan which tries to download other malware from the Internet.
The trojan does not create any copies of itself.
The following files are dropped into the %temp% folder:
- termp_cab_%variable%.cab (2785 B)
- %malwarefilename%.doc (8661 B)
The trojan executes the following files:
The following text is displayed: $_text$
The trojan creates and runs a new thread with its own program code within the following processes:
The trojan contains a list of (6) URLs. It tries to download several files from the addresses.
These are stored in the following locations:
The files are then executed. The HTTP protocol is used.
A string with variable content is used instead of %variable% .
The trojan checks for Internet connectivity by trying to connect to the following addresses: