|Detected||Oct 17 2004 11:51 GMT|
|Released||Oct 17 2004 11:51 GMT|
|Published||Apr 03 2006 11:26 GMT|
The Trojan program installs other files and programs to the victim machine without the user's knowledge or consent. The main Trojan file is a Windows PE EXE file 153719 bytes in size, packed using UPX. The unpacked file is approximately 222KB in size.
When launched, the Trojan creates a folder called "Winad Client" and drops the follwoing files to this folder:
The Winad.exe file will be registered in the system registry in order to ensure that it is launched each time Windows is rebooted on the victim machine.
The files dropped to the victim machine will then be launched for execution.
Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers.
This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.).
Such programs are used by hackers to: