|Detected||Mar 16 2006 02:39 GMT|
|Released||Mar 16 2006 02:39 GMT|
|Published||Aug 16 2006 13:33 GMT|
This Trojan downloads other files via the Internet without the knowledge or consent of the user.
The Trojan itself is a Windows PE EXE file, 2896 bytes in size, packed using FSG. The unpacked file is approximately 20KB in size.
When launched, if the file %System%\maxd64.exe is present on the victim machine, the Trojan will launch it for execution. If this file is not present, the Trojan will download a program from http://85.255.***.162/gdn***433.exe and save it to %Temp%\maxdd.game. The Trojan then copies the program to %System%\maxd64.exe and launches it for execution.
At the time of writing the link given above was non functional.
Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs which will run automatically when the operating system boots up.
Information about the names and locations of the programs which are downloaded are in the Trojan code, or are downloaded by the Trojan from an Internet resource (usually a web page).
This type of malicious program is frequently used in the initial infection of visitors to websites which contain exploits.