Win32/Trustezeb [Threat Name] go to Threat

Win32/Trustezeb.C [Threat Variant Name]

Category trojan
Size 69632 B
Aliases Trojan:Win32/Matsnu (Microsoft)
  GenericDropper!1uz.trojan (McAfee)
Short description

Win32/Trustezeb.C is a trojan which tries to download other malware from the Internet. The file is run-time compressed using UPX .


When executed, the trojan copies itself in some of the the following locations:

  • %appdata%\­%variable1%\­%variable2%.exe
  • %userprofile%\­%variable1%\­%variable2%.exe
  • %temp%\­%variable1%\­%variable2%.exe
  • %temp%\­%variable3%.pre

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%variable4%" = "%malwarefilepath%"

A string with variable content is used instead of %variable1-4% .

The trojan quits immediately if the executable file path contains one of the following strings in its path:

  • sand-box

The trojan creates and runs a new thread with its own program code within the following processes:

  • ctfmon.exe
  • explorer.exe
  • svchost.exe

The trojan displays the following dialog box:

Information stealing

The trojan collects the following information:

  • disk serial number (without spaces)
  • computer name

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of (5) URLs. The HTTP, HTTPS, FTP protocol is used.

It can execute the following operations:

  • update itself to a newer version
  • download files from a remote computer and/or the Internet
  • run executable files

The trojan may create the following files:

  • %temp%\­%variable5%.ZL
  • %temp%\­%variable5%.ZL.$
  • %system%\­%variable5%.ZL
  • %system%\­%variable5%.ZL.$

A string with variable content is used instead of %variable5% .

The trojan may attempt to delete all files on the local drives.

The trojan may cause the operating system to crash.

Please enable Javascript to ensure correct displaying of this content and refresh this page.