Win32/TrojanDownloader.Rottentu [Threat Name] go to Threat

Win32/TrojanDownloader.Rottentu.A [Threat Variant Name]

Category trojan
Size 1169920 B
Aliases Trojan-Downloader.Win32.Agent.hfuy (Kaspersky)
  TrojanDownloader:Win32/Detoforn.A (Microsoft)
  Downloader (Symantec)
  Trojan.DownLoader12.9709 (Dr.Web)
Short description

Win32/TrojanDownloader.Rottentu.A is a trojan which tries to download other malware from the Internet.


The trojan does not create any copies of itself.

The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­SYSTEM\­ControlSet001\­Services\­SharedAccess\­Parameters\­FirewallPolicy\­StandardProfile\­AuthorizedApplications\­List]
    • "%malwarefilepath%" = "%malwarefilepath%:*:Enabled:Policy"
  • [HKEY_LOCAL_MACHINE\­SYSTEM\­ControlSet001\­Services\­SharedAccess\­Parameters\­FirewallPolicy\­StandardProfile\­GloballyOpenPorts\­List]
    • "6881:TCP" = "6881:TCP:*:Enabled:Policy"
Other information

The trojan tries to download a file from the Internet.

The file is then decrypted and executed.

The BitTorrent protocol is used.

The trojan opens TCP port 6881 .

Please enable Javascript to ensure correct displaying of this content and refresh this page.