Win32/Urelas [Threat Name]

Win32/Urelas.AD [Threat Variant Name]

Category trojan
Size 76435 B
Aliases Trojan.Win32.Swisyn.dfno (Kaspersky)
  Trojan:Win32/Urelas.AA (Microsoft)
  Trojan.DownLoader11.10698 (Dr.Web)
Short description

Win32/Urelas.AD is a trojan which tries to download other malware from the Internet. The file is run-time compressed using PEncrypt.


The trojan does not create any copies of itself.

Information stealing

The trojan collects the following information:

  • operating system version
  • installed software

The trojan attempts to send gathered information to a remote machine.

Other information

The trojan contains a list of 2 URLs.

It tries to download a file from the addresses.

The file is stored in the following location:

  • %system%\gahest.exe

The file is then executed.

The TCP protocol is used.

The trojan then deletes the following files:

  • %malwarefilepath%

The trojan keeps various information in the following files:

  • %temp%\golfinfo.ini
