
Trojan:Win32/Teazodo.A!dll


First posted on 02 September 2010.
Source: SecurityHome

Aliases :

Trojan:Win32/Teazodo.A!dll is also known as W32/Suspicious_Gen2.BAVLB (Norman), TR/Gendal.12288.CD (Avira), Trojan.Generic.4099215 (BitDefender), Trojan.DL.Win32.Undef.rld (Rising AV).

Explanation :

Trojan:Win32/Teazodo.A!dll is the main payload for the Teazodo family. It steals system information, which is then sent to a remote server.

Installation

Trojan:Win32/Teazodo.A!dll is dropped by Virus:Win32/Teazodo.A. It checks if it is currently running under the legitimate Windows process "svchost.exe". If it is not running under "svchost.exe", it copies itself as the following file:

  • %windir%\text.dll

It then injects itself into "svchost.exe". If it is running under "svchost.exe", it drops a configuration file as:

  • %TEMP%\{46C60C69-3B4F-4317-86FE-B0CC823AD384}.dat

Payload

Steals system information

Trojan:Win32/Teazodo.A!dll steals system information, such as:

  • Operating system versions
  • Service packs installed

It sends its stolen information to a remote server. In the wild, a server it has been known to send information to is 115.68.57.24.

Analysis by Jingli Li

Last update 02 September 2010
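
As an added example (not part of the original write-up), the Python sketch below matches the three indicators named above against endpoint events and records whether svchost.exe was the acting process. The event records are constructed samples that use Sysmon-style field names (EventID 11 FileCreate, EventID 3 NetworkConnect), and %windir% is assumed to be a Windows directory at a drive root.

```python
import re
from ntpath import basename, normcase

# Indicators from the description above. Assumption: %windir% is <drive>:\Windows.
DROPPED_DLL = re.compile(r"^[a-z]:\\windows\\text\.dll$")
CONFIG_DAT = re.compile(r"\\temp\\\{46c60c69-3b4f-4317-86fe-b0cc823ad384\}\.dat$")
REMOTE_IP = "115.68.57.24"

def match_event(ev):
    """Return the name of the indicator an event matches, or None."""
    eid = ev.get("EventID")
    if eid == 11:  # FileCreate
        target = normcase(ev.get("TargetFilename", ""))  # lower-case, backslashes
        if DROPPED_DLL.match(target):
            return "dropped_dll"
        if CONFIG_DAT.search(target):  # any Temp directory, whichever account
            return "config_file"
    elif eid == 3:  # NetworkConnect
        if ev.get("DestinationIp") == REMOTE_IP:  # exact match, no prefix hits
            return "remote_server"
    return None

def triage(events):
    """Return (index, indicator, acting_process_is_svchost) per matching event."""
    hits = []
    for i, ev in enumerate(events):
        name = match_event(ev)
        if name:
            in_svchost = basename(normcase(ev.get("Image", ""))) == "svchost.exe"
            hits.append((i, name, in_svchost))
    return hits

SVCHOST = r"C:\Windows\System32\svchost.exe"
# Constructed sample events, not taken from a real host.
SAMPLE = [
    {"EventID": 11, "Image": r"C:\Users\a\dropper.exe", "TargetFilename": r"C:\WINDOWS\text.dll"},
    {"EventID": 11, "Image": SVCHOST,
     "TargetFilename": r"C:\Windows\Temp\{46C60C69-3B4F-4317-86FE-B0CC823AD384}.dat"},
    {"EventID": 3, "Image": SVCHOST, "DestinationIp": "115.68.57.24"},
    {"EventID": 11, "Image": r"C:\Windows\notepad.exe", "TargetFilename": r"C:\Users\a\text.dll"},
    {"EventID": 3, "Image": SVCHOST, "DestinationIp": "115.68.57.240"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

Because the configuration file is written from inside svchost.exe, the Temp directory it lands in depends on the account that service host runs under, which is why the pattern matches any Temp directory instead of one user's profile.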