Home / malware TrojanDownloader:Win32/Dofoil.X
First posted on 25 July 2014.
Source: MicrosoftAliases :
There are no other names known for TrojanDownloader:Win32/Dofoil.X.
Explanation :
Threat behavior
Installation
TrojanDownloader:Win32/Dofoil.X copies itself to c:\documents and settings\administrator\application data\a0d6a4.exe.
Payload
Contacts remote hosts
TrojanDownloader:Win32/Dofoil.X may contact the following remote hosts using port 80:
- 0d09d0d2.dlaperylt.info
- 288e5e75.dlaperylt.info
- 8adddc90.dlaperylt.info
- 8d411406.dlaperylt.info
- a182eaa1.dlaperylt.info
Commonly, malware does this to:This malware description was produced and published using automated analysis of file SHA1 2985a046e0da803e9a393f08b15654619beaf9fe.Symptoms
- Confirm Internet connectivity
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
c:\documents and settings\administrator\application data\a0d6a4.exeLast update 25 July 2014
