Win32/Unruy [Threat Name]
Win32/Unruy.AJ [Threat Variant Name]
Category | trojan |
Size | 31371 B |
Aliases | TrojanDownloader:Win32/Unruy.D (Microsoft) |
 | Trojan.DownLoad2.14387 (Dr.Web) |
 | Trojan.Gen (Symantec) |
Short description
Win32/Unruy.AJ is a trojan which tries to download other malware from the Internet.
Installation
The trojan does not create any copies of itself.
The trojan creates the following files:
- %programfiles%\%variable%.dat
A string with variable content is used instead of %variable%.
The trojan creates and runs a new thread with its own program code within the following processes:
- iexplore.exe
Information stealing
The trojan collects the following information:
- information about the operating system and system settings
- volume serial number
- computer name
- number of milliseconds that have elapsed since the system was started
The trojan attempts to send gathered information to a remote machine.
Other information
The trojan contains a list of 5 URLs.
It tries to download a file from these addresses.
The file is stored in the following location:
- %temp%\ctv%variable%.exe
A string with variable content is used instead of %variable%.
The file is then executed. The HTTP protocol is used.
The trojan may create the following files:
- %temp%\lpo%variable%.tmp
A string with variable content is used instead of %variable%.
The trojan writes the following entries to the file:
- @ECHO OFF
- :REP
- DEL %1
- ping 192.185.%removed%.31 -n 1 -w 5000
- IF EXIST %1 GOTO REP
- DEL %0
The file is then executed.
The trojan may redirect the user to specific web sites.
The trojan contains the following text:
- Bible 42:27 And as one of them opened his sack to give his ass provender inthe inn, he espied his money; for, behold, it was in his sack's mouth.
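A defender-side sketch of how the file names and the self-deleting batch script described above could be matched in file-creation telemetry. This is an added example, not part of the original description; the function names, the sample events, the typical expansions of %temp% and %programfiles%, and the 192.0.2.1 placeholder address are assumptions.

```python
import re

# Path patterns from the description. %variable% has no documented format,
# so any run of non-separator characters is accepted (assumption).
PATH_RULES = [
    ("downloaded_payload", re.compile(r"\\temp\\ctv[^\\]+\.exe$", re.I)),
    ("cleanup_script", re.compile(r"\\temp\\lpo[^\\]+\.tmp$", re.I)),
    # Low-confidence on its own: a .dat file directly under Program Files.
    ("data_file", re.compile(r"\\program files(?: \(x86\))?\\[^\\]+\.dat$", re.I)),
]

def classify_path(path):
    """Return the name of the rule a created-file path matches, or None."""
    for name, rx in PATH_RULES:
        if rx.search(path):
            return name
    return None

def is_self_delete_script(text):
    """True if text has the loop shape listed above: a label, DEL %1,
    IF EXIST %1 GOTO <that label>, and a final DEL %0."""
    lines = [ln.strip().upper() for ln in text.splitlines() if ln.strip()]
    labels = {ln[1:] for ln in lines if ln.startswith(":")}
    jumps = [m.group(1) for ln in lines
             if (m := re.fullmatch(r"IF\s+EXIST\s+%1\s+GOTO\s+:?(\S+)", ln))]
    deletes_target = any(re.fullmatch(r"DEL\s+%1", ln) for ln in lines)
    deletes_self = bool(lines) and re.fullmatch(r"DEL\s+%0", lines[-1]) is not None
    return deletes_target and deletes_self and any(j in labels for j in jumps)

def scan(paths):
    """Return (path, rule) pairs for every path that matches a rule."""
    return [(p, r) for p in paths if (r := classify_path(p))]

# Constructed file-creation events (not taken from a real host).
SAMPLE_EVENTS = [
    r"C:\Users\alice\AppData\Local\Temp\ctv3f2a.exe",
    r"C:\Users\alice\AppData\Local\Temp\lpo91c.tmp",
    r"C:\Program Files\qwxz.dat",
    r"C:\Users\alice\AppData\Local\Temp\setup.exe",
]
# Constructed script body; 192.0.2.1 is a documentation placeholder address.
SAMPLE_SCRIPT = ("@ECHO OFF\n:REP\nDEL %1\nping 192.0.2.1 -n 1 -w 5000\n"
                 "IF EXIST %1 GOTO REP\nDEL %0\n")

if __name__ == "__main__":
    for path, rule in scan(SAMPLE_EVENTS):
        print(f"{rule:20} {path}")
    print("self-delete script:", is_self_delete_script(SAMPLE_SCRIPT))
```

The content check matters more than the file name here, since the script is stored with a .tmp extension and the name contains a variable string.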