|Detected||Jan 13 2006 18:26 GMT|
|Released||Jan 13 2006 18:26 GMT|
|Published||Apr 21 2006 13:34 GMT|
This Trojan is a Windows PE EXE file, written in Assembler. The infected file is 3584 bytes in size.
When launched, the program gets a list of processes launched on the system, and attempts to terminate processes with the names listed below:
Every second, it attempts to connect to core.***che-evolution.com. If a connection is established, the Trojan will send the following request to the server:
In response, the server will send an encrypted list of links to files on the Internet. The Trojan downloads these files, saves them to %WinDir% and then launches them for execution.
Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs which will run automatically when the operating system boots up.
Information about the names and locations of the programs which are downloaded are in the Trojan code, or are downloaded by the Trojan from an Internet resource (usually a web page).
This type of malicious program is frequently used in the initial infection of visitors to websites which contain exploits.