Virus:TR/Dldr.Dofoil.qty
Date discovered:13/08/2013
Type:Trojan
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:45,056 bytes
MD5 checksum:ab9a66a35901eb2e570813baf547f1f6
VDF version:7.11.96.144 - Tuesday, August 13, 2013
IVDF version:7.11.96.144 - Tuesday, August 13, 2013

General
Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan-Downloader.Win32.Dofoil.qty
   •  Fortinet: W32/Dofoil.PHY!tr


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Third party control
   • Downloads files
   • Drops a file


Immediately after execution it launches a Windows application that displays a window (the screenshot is not reproduced in this text).

Files
The following file is created:

%malware execution directory%\%executed file%.txt
This is a non-malicious text file containing a fake parcel-delivery notice with the following content:
   • RECIPIENT: Mark Smith
     LOCATION OF YOUR PARCEL: Los Angeles
     STATUS OF YOUR ITEM: not delivered
     SERVICE: Standard Shipping
     ITEM NUMBER:U2342364242354-US
     INSURANCE: Yes
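A host-side triage check for the artifact described above, added here as an example (it is not Avira's code nor part of the sample). Given a suspect executable, it hashes the file against the MD5 listed in this description and looks next to it for the decoy text file. Assumptions: the placeholder "%executed file%.txt" is read as the executable's file name with ".txt" appended (the stem form is checked as a fallback); the temp-directory scenario in demo() is constructed and uses a stand-in byte string, not the real binary.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List

# MD5 of the analysed sample as listed in this description.
KNOWN_MD5 = "ab9a66a35901eb2e570813baf547f1f6"

# Body of the decoy text file the sample writes next to itself.
DECOY_LINES = [
    "RECIPIENT: Mark Smith",
    "LOCATION OF YOUR PARCEL: Los Angeles",
    "STATUS OF YOUR ITEM: not delivered",
    "SERVICE: Standard Shipping",
    "ITEM NUMBER:U2342364242354-US",
    "INSURANCE: Yes",
]


def md5_of(path: Path) -> str:
    """Stream the file through MD5 so large files do not need to fit in memory."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def decoy_candidates(executable: Path) -> List[Path]:
    # Assumption: "%executed file%.txt" means the executable's full file name
    # plus ".txt" (Parcel.exe -> Parcel.exe.txt). The stem form (Parcel.txt)
    # is checked second in case the placeholder meant the name without extension.
    return [executable.with_name(executable.name + ".txt"),
            executable.with_suffix(".txt")]


def _normalize(lines: List[str]) -> List[str]:
    # Collapse whitespace and drop blank lines so line-ending style does not matter.
    return [" ".join(line.split()) for line in lines if line.strip()]


def matches_decoy(path: Path) -> bool:
    """True when the file body equals the fake parcel notice from the description."""
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError:
        return False
    return _normalize(text.splitlines()) == _normalize(DECOY_LINES)


def triage(executable: Path) -> Dict[str, object]:
    """Hash the executable and look for the co-located decoy text file."""
    digest = md5_of(executable)
    result: Dict[str, object] = {
        "executable": str(executable),
        "md5": digest,
        "md5_matches_advisory": digest == KNOWN_MD5,
        "decoy_file": None,
        "decoy_text_matches": False,
    }
    for cand in decoy_candidates(executable):
        if cand.is_file():
            result["decoy_file"] = str(cand)
            result["decoy_text_matches"] = matches_decoy(cand)
            break
    return result


def demo() -> Dict[str, object]:
    """Constructed scenario: a stand-in 'sample' (not the real binary) and the
    decoy file it would drop, placed in a temporary directory and triaged."""
    with tempfile.TemporaryDirectory() as d:
        exe = Path(d) / "Parcel_Info.exe"
        exe.write_bytes(b"MZ stand-in bytes, not the real sample")
        decoy = Path(d) / "Parcel_Info.exe.txt"
        decoy.write_text("\n".join(DECOY_LINES) + "\n", encoding="utf-8")
        return triage(exe)


if __name__ == "__main__":
    print(demo())
```

The decoy file itself is harmless; the indicator is a fake shipping notice sitting beside an executable of the same name. The MD5 identifies only this exact build, so a hash mismatch does not clear a file that still drops the decoy.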

Backdoor
Contact server:
One of the following:
   • http://78.133.211.**********:443/%hex number%
   • http://92.60.192.**********:443/%hex number%
   • http://177.70.22.**********:8080/%hex number%
   • http://88.84.162.**********:587/%hex number%

Through this channel it may send information to the attacker, and the attacker may obtain remote control of the system. Note that the beacon is plain HTTP (not TLS) to ports normally associated with HTTPS (443), SMTP submission (587) and HTTP proxies (8080), with a bare hexadecimal request path, which is a useful characteristic for detection.
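Detection logic for the beacon shape described above, added here as an example (it is not Avira's code and does not come from the sample). It flags proxy log entries that are cleartext HTTP to port 443, 587 or 8080 with a hex-only request path. Assumptions: the log format "<timestamp> <client_ip> <method> <url> <status>" is constructed for the example; the destination addresses use the 203.0.113.0/24 documentation range because the real contact-server addresses are masked in this description.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Ports this description lists for the contact servers. The beacon is plain
# HTTP on ports normally used by HTTPS (443), SMTP submission (587) and
# HTTP proxies (8080).
C2_PORTS = {443, 587, 8080}

# "/%hex number%": the request path is a bare hexadecimal string.
HEX_PATH = re.compile(r"^/[0-9A-Fa-f]+$")

# Constructed log format (an assumption, not a real product's format):
#   <timestamp> <client_ip> <method> <url> <status>
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


@dataclass
class Hit:
    timestamp: str
    client: str
    url: str
    reason: str


def classify(url: str) -> Optional[str]:
    """Return why a URL looks like the Dofoil.qty beacon, or None if it does not."""
    parts = urlsplit(url)
    if parts.scheme != "http":          # cleartext HTTP only; TLS traffic is out of scope
        return None
    try:
        port = parts.port                # None when no explicit port is given
    except ValueError:                   # malformed port in the URL
        return None
    if port not in C2_PORTS:
        return None
    if parts.query or not HEX_PATH.match(parts.path):
        return None
    return f"cleartext HTTP to port {port} with a hex-only request path"


def scan(lines: List[str]) -> List[Hit]:
    """Run classify() over proxy log lines; lines that do not parse are skipped."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        ts, client, _method, url, _status = m.groups()
        reason = classify(url)
        if reason:
            hits.append(Hit(ts, client, url, reason))
    return hits


# Constructed sample log (203.0.113.0/24 is documentation address space).
SAMPLE_LOG = [
    "2013-08-13T10:01:02 10.0.0.7 GET http://203.0.113.5:443/1a2b3c 200",
    "2013-08-13T10:01:05 10.0.0.7 GET https://www.example.com:443/ 200",
    "2013-08-13T10:01:09 10.0.0.8 GET http://203.0.113.9:8080/index.html 200",
    "2013-08-13T10:02:44 10.0.0.7 POST http://203.0.113.5:587/DEADBEEF 200",
    "2013-08-13T10:03:00 10.0.0.9 GET http://203.0.113.5:80/ab12 404",
    "not a log line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.timestamp} {hit.client} -> {hit.url}: {hit.reason}")
```

This is a hunting heuristic, not a signature: short paths such as "/cafe" on a legitimate site also match, so combine hits with destination reputation or with the svchost.exe injection described below before escalating. Also note that a proxy which expects TLS on port 443 may record the beacon as a failed CONNECT rather than as a GET, in which case the URL field will not carry the hex path.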

Injection
It injects itself into a process.

    Process name:
   • %SYSDIR%\svchost.exe

If successful, the original malware process terminates while the injected code remains active inside svchost.exe. Process listings therefore show only svchost.exe, so network activity to the contact servers should be correlated against svchost.exe instances rather than against the dropped executable.

File details
Programming language:
The malware program was written in MS Visual C++.

Description inserted by Andrei Gherman on Tuesday, 13 August 2013
Description updated by Andrei Gherman on Tuesday, 13 August 2013
