Win32/Glupteba [Threat Name]
Win32/Glupteba.AV [Threat Variant Name]
Category | trojan |
Size | 620544 B |
Aliases | Trojan-Proxy.Win32.Glupteba.ptm (Kaspersky), Trojan:Win32/Carberp.BZ!bit (Microsoft) |
Short description
The trojan serves as a proxy server.
Installation
The trojan does not create any copies of itself.
The following Registry entries are set:
- [HKEY_CURRENT_USER\SOFTWARE\VDI\Shared\Product Updater]
  - "Value" = "20170327"
  - "GUID" = "%variable%"
A string with variable content is used instead of %variable%.
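A triage check for the Registry entries listed above, run over the text of a Registry export. This is an added example, not part of the original description. The function names, the verdict labels and the sample export are assumptions made for the example, and matching on the tail of the key path (so that per-user hives exported under HKEY_USERS are covered as well) goes beyond the single HKEY_CURRENT_USER path given above.

```python
import re

# Indicator from the description above; matching on the key's tail also covers
# HKEY_USERS\<SID>\... exports, where HKEY_CURRENT_USER data lives per user.
KEY_SUFFIX = r"\SOFTWARE\VDI\Shared\Product Updater".casefold()
EXPECTED_VALUE = "20170327"

SECTION_RE = re.compile(r'^\[(.+)\]$')
STRING_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*"((?:[^"\\]|\\.)*)"$')

# Constructed sample export (SID and GUID are made up for the example).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\VDI\Shared\Product Updater]
"Value"="20170327"
"GUID"="{00000000-0000-0000-0000-000000000000}"
'''


def parse_reg_export(text):
    """Return {key: {value_name: data}} for string values in .reg text."""
    keys, current = {}, None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            current = keys.setdefault(m.group(1), {})
        elif current is not None and (m := STRING_RE.match(line)):
            # .reg files escape backslashes and quotes with a backslash.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.casefold()] = data  # value names are case-insensitive
    return keys


def check_glupteba_av(text):
    """'match': key with both listed values; 'partial': key only; else 'clean'."""
    verdict = "clean"
    for key, values in parse_reg_export(text).items():
        if not key.casefold().endswith(KEY_SUFFIX):
            continue
        if values.get("value") == EXPECTED_VALUE and "guid" in values:
            return "match"
        verdict = "partial"  # key exists, values differ from this description
    return verdict


if __name__ == "__main__":
    print(check_glupteba_av(SAMPLE))
```

Files written by reg.exe export are UTF-16 encoded, so read them with encoding="utf-16" before passing the text in.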
Other information
The trojan serves as a proxy server.
The trojan acquires data and commands from a remote computer or the Internet.
The trojan generates various URL addresses. The HTTP and TCP protocols are used in the communication.
The trojan checks for Internet connectivity by trying to connect to the following servers:
- http://www.google.com
- http://www.yandex.ru