Win32/Potao [Threat Name] go to Threat
Win32/Potao.D [Threat Variant Name]
| Category | trojan |
| Size | 125952 B |
Short description
Win32/Potao.D is a trojan which tries to download other malware from the Internet.
Installation
When executed the trojan drops in folder %appdata%\Microsoft\ the following file:
- %variable%.dll
A string with variable content is used instead of %variable% .
In order to be executed on every system start, the trojan sets the following Registry entries:
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "%variable%" = "rundll32.exe %appdata%\Microsoft\%variable% ,%variable%"
The trojan creates and runs a new thread with its own program code within the following processes:
- explorer.exe
- chrome.exe
- iexplore.exe
- Skype.exe
- Opera.exe
- firefox.exe
- uTorrent.exe
- safari.exe
Information stealing
The trojan collects the following information:
- information about the operating system and system settings
- CPU information
- computer name
The trojan attempts to send gathered information to a remote machine.
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of (7) IP addresses. The HTTP protocol is used in the communication.
It can execute the following operations:
- download files from a remote computer and/or the Internet
- run executable files