Infostealer.Odlanor
First posted on 22 September 2015.
Source: Symantec
Aliases :
There are no other names known for Infostealer.Odlanor.
Explanation :
When the Trojan is executed, it may create the following files:
%SystemDrive%\__pkrw_update.exe
%SystemDrive%\__2.exe
%SystemDrive%\__1.exe
%SystemDrive%\e.exe
The Trojan may create the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"pkrw" = %SystemDrive%\[CREATED FILE]
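A host check for the file and registry indicators listed above, as an added example that is not part of the original write-up. It assumes PowerShell on the host being examined and administrator rights to read other users' loaded hives; the variable names and output layout are this example's own.

```powershell
# Indicators copied from the write-up; all variable names are this example's own.
$fileNames = '__pkrw_update.exe', '__2.exe', '__1.exe', 'e.exe'
$runValue  = 'pkrw'
$runSubKey = 'Software\Microsoft\Windows\CurrentVersion\Run'

$findings = @()

# 1. Dropped files in the root of %SystemDrive%.
#    'e.exe' is a generic name, so treat a lone hit on it as weak evidence.
foreach ($name in $fileNames) {
    $path = Join-Path "$env:SystemDrive\" $name
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
        $findings += [pscustomobject]@{
            Type   = 'File'
            Where  = $path
            Detail = "Created $($item.CreationTimeUtc.ToString('u')), $($item.Length) bytes"
        }
    }
}

# 2. The "pkrw" Run value. The key lives under HKEY_CURRENT_USER, which is per-user,
#    so walk every hive currently loaded under HKEY_USERS instead of only the
#    account running this script.
$userHives = Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' }
foreach ($hive in $userHives) {
    $keyPath = "Registry::HKEY_USERS\$($hive.PSChildName)\$runSubKey"
    $props   = Get-ItemProperty -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties[$runValue]) {
        $findings += [pscustomobject]@{
            Type   = 'RunValue'
            Where  = "$keyPath\$runValue"
            Detail = $props.$runValue                 # path the Run value points to
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No Infostealer.Odlanor file or Run-key indicators from this write-up were found.'
}
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so a clean result here does not cover their profiles.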
The Trojan looks for open windows of the following:
PokerStars
The Trojan takes screenshots of open PokerStars windows and sends the information to the following location:
[http://]bbsystems.info
The Trojan may also steal the following information and send it to the remote location:
Threat version
Microsoft Windows version
Host name
User name
The Trojan may also perform the following actions:
Download files
Execute files
Update files
Delete itself
Last update 22 September 2015