Trojan.Rincux
First posted on 27 August 2014.
Source: Symantec
Aliases:
There are no other names known for Trojan.Rincux.
Explanation:
When the Trojan is executed, it creates the following file:
%System%\vmware-vmx.exe
Next, the Trojan creates the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Test My Test 1.0\"Start" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Test My Test 1.0\"Description" = "This is Windows Test My Test Server 1.0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Test My Test 1.0\"DisplayName" = "Windows Test My Test Server 1.0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Test My Test 1.0\"ImagePath" = "%System%\vmware-vmx.exe"
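The following triage check is an added example, not part of the original write-up: it parses a `reg export` dump of the Services key and flags the persistence entries listed above, and goes one step further by also flagging any other service whose ImagePath points at vmware-vmx.exe in the System folder. The sample export, the `UpdaterSvc` name, and the assumption that %System% resolves to a `system32` directory are constructed for illustration.

```python
import re

SERVICE_NAME = "Windows Test My Test 1.0"   # service key name from the write-up
# Dropped file from the write-up; assumes %System% resolves to ...\system32
IMAGE_RE = re.compile(r"(%system%|\\system32)\\vmware-vmx\.exe", re.I)

def decode_value(raw):  # quoted REG_SZ, dword, or hex(2) REG_EXPAND_SZ (UTF-16LE)
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex\(2\):(.*)", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le", "replace").rstrip("\0")
    return raw

def parse_reg_export(text):  # -> {key_path: {value_name: value}}
    text = re.sub(r"\\\r?\n\s*", "", text)   # join wrapped hex lines (",\" + newline)
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)):
            current[m.group(1)] = decode_value(m.group(2))
    return keys

def find_rincux_services(reg_text):  # -> [(service, ImagePath, Start), ...]
    hits = []
    for key, vals in parse_reg_export(reg_text).items():
        m = re.search(r"\\Services\\([^\\]+)$", key, re.I)  # direct service keys only
        image = str(vals.get("ImagePath", ""))
        if m and (m.group(1).lower() == SERVICE_NAME.lower() or IMAGE_RE.search(image)):
            hits.append((m.group(1), image, vals.get("Start")))  # Start 2 = auto-start
    return hits

def _hex2(s):  # encode a string the way reg export writes REG_EXPAND_SZ
    return "hex(2):" + ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))

# Constructed sample: the Trojan's service, a renamed variant, and a benign service.
BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"[{BASE}\\{SERVICE_NAME}]", '"Start"=dword:00000002',
    '"ImagePath"=' + _hex2(r"C:\Windows\system32\vmware-vmx.exe"), "",
    f"[{BASE}\\UpdaterSvc]", '"Start"=dword:00000002',
    r'"ImagePath"="C:\\Windows\\System32\\vmware-vmx.exe"', "",
    f"[{BASE}\\Spooler]", '"Start"=dword:00000002',
    '"ImagePath"=' + _hex2(r"%SystemRoot%\System32\spoolsv.exe")])
```

On a live host the input comes from `reg export HKLM\SYSTEM\CurrentControlSet\Services services.reg`; read the resulting file with `encoding="utf-16"` before passing its text to `find_rincux_services`.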
The Trojan then connects to the following remote locations:
www.chinaddos.org
123.1.159.113
43.252.230.85
qq224015.3322.org
The Trojan may then perform the following actions:
Download and execute files
Use the compromised computer to conduct distributed denial-of-service (DDoS) attacks
The Trojan may send the following information to its server:
Operating system version
CPU speed
Last update 27 August 2014