Win32/TrojanDownloader.Nymaim [Threat Name]
Win32/TrojanDownloader.Nymaim.BA [Threat Variant Name]
Category | trojan
Size | 626688 B
Aliases | Trojan.Win32.Regsup.kyz (Kaspersky)
        | Trojan.Inject2.20729 (Dr.Web)
        | TrojanDownloader:Win32/Silcon!rfn (Microsoft)
Short description
Win32/TrojanDownloader.Nymaim.BA is a trojan which tries to download other malware from the Internet.
Installation
The trojan does not create any copies of itself.
The trojan creates the following file:
- %temp%\%variable1%
The trojan executes the following files:
- %windir%\system32\rundll32.exe -%variable2% %variable3%.dll
The trojan creates and runs a new thread with its own code within these running processes.
A string with variable content is used instead of %variable1-3%.
The trojan may create and run a new thread with its own program code within any running process.
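A detection heuristic for the rundll32.exe command-line shape listed above, added here as an example and not part of the original description. The function names and the process-creation events are constructed for illustration, and the rule assumes that ordinary rundll32 invocations name an export after a comma (`<dll>,<EntryPoint>`), which the trojan's command line does not.

```python
import re

# Shape from the description: rundll32.exe -<string> <string>.dll
# Assumption: legitimate use looks like rundll32.exe <dll>,<EntryPoint> [args].
# Split off everything after the rundll32 image name (quoted or unquoted path).
RUNDLL32 = re.compile(r'(?i)(?:^|[\\/"\s])rundll32(?:\.exe)?"?\s+(?P<args>.*)$')


def nymaim_like(cmdline: str) -> bool:
    """True if cmdline is rundll32 with exactly '-<string> <string>.dll'."""
    m = RUNDLL32.search(cmdline.strip())
    if not m:
        return False
    # Whitespace split: DLL paths containing spaces are out of scope here.
    args = m.group("args").split()
    if len(args) != 2:
        return False
    switch, dll = args
    return (
        switch.startswith("-") and len(switch) > 1   # dash-prefixed string
        and dll.lower().endswith(".dll")             # bare DLL argument
        and "," not in dll                           # no ",EntryPoint" export
    )


def scan(events):
    """Return the process-creation events whose command line matches."""
    return [e for e in events if nymaim_like(e["cmdline"])]


# Constructed sample events (not taken from a real host or from the page).
SAMPLE_EVENTS = [
    {"pid": 2204, "cmdline":
        r'"C:\Windows\System32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl'},
    {"pid": 4120, "cmdline":
        r'C:\Windows\system32\rundll32.exe -kqzt wmpnx.dll'},
    {"pid": 5316, "cmdline":
        r'rundll32.exe printui.dll,PrintUIEntry /in /n\\srv\printer'},
    {"pid": 6012, "cmdline": r'C:\Windows\explorer.exe'},
]

if __name__ == "__main__":
    for event in scan(SAMPLE_EVENTS):
        print("suspicious rundll32 launch:", event["pid"], event["cmdline"])
```

A match is a triage lead rather than a verdict; pair it with the parent process and with files recently written under %temp%.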
Information stealing
The trojan collects the following information:
- user name
- computer name
- operating system version
- list of running processes
- language settings
- volume serial number
- screenshots
- digital certificates
The trojan attempts to send gathered information to a remote machine.
Other information
The trojan acquires data and commands from a remote computer or the Internet.
The trojan checks for Internet connectivity by trying to connect to the following servers:
- www.google.com
- www.microsoft.com
The trojan generates various URL addresses.
It tries to download a file from the addresses.
The file is then executed.
The trojan quits immediately if it is run within a debugger.