Infostealer.Ayufos
First posted on 12 March 2014.
Source: Symantec
Aliases :
There are no other names known for Infostealer.Ayufos.
Explanation :
When the Trojan is executed, it creates the following mutex:
f81b8f75-b017-447a-abc4-d80123e9b331
The Trojan then copies itself to the following location:
C:\Documents and Settings\All Users\Application Data\svchost.exe
Next, the Trojan connects to the following remote location:
[http://]ultimatelogger.com/customers/ip.[REMOVED]
The Trojan may then steal the following information from the compromised computer:
Account information from applications such as Pidgin, FileZilla, OpenVPN and WinRAR
OS version
Host name
Windows product key
Global IP address
Country
The Trojan may also perform the following activities:
Capture screenshots
Gather clipboard data
End processes
Disable the firewall
Log keystrokes
Hide the control panel
The Trojan then sends the stolen information through SSL connections to the following address:
aysuau13@yahoo.co.jp
Last update 12 March 2014
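
A defender-side check for the self-copy described above, as an added example that is not part of the original write-up: it flags any process named svchost.exe whose image lies outside the Windows system directories, which covers the drop path listed above. It assumes Windows is installed at C:\Windows; the event records are constructed sample data and the function names are hypothetical.

```python
import ntpath

# Assumption: Windows is installed at C:\Windows.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Drop path taken from the write-up above, lower-cased for comparison.
AYUFOS_PATH = r"c:\documents and settings\all users\application data\svchost.exe"

# Constructed process-creation records (pid, image path); not real telemetry.
SAMPLE_EVENTS = [
    (612, r"C:\Windows\System32\svchost.exe"),
    (3480, r"C:\Documents and Settings\All Users\Application Data\svchost.exe"),
    (2216, r"C:\ProgramData\svchost.exe"),
    (1904, r"C:\Windows\System32\..\Temp\SVCHOST.EXE"),
    (4120, r"C:\Program Files\Pidgin\pidgin.exe"),
]


def classify(image_path):
    """Return 'ignore', 'ok', 'ayufos-path' or 'masquerade' for one image path."""
    # Normalise quotes, slashes, '..' segments and case before comparing.
    path = ntpath.normpath(image_path.strip().strip('"')).lower()
    directory, name = ntpath.split(path)
    if name != "svchost.exe":
        return "ignore"
    if path == AYUFOS_PATH:
        return "ayufos-path"
    if directory in LEGIT_DIRS:
        return "ok"
    return "masquerade"


def triage(events):
    """Return (pid, verdict) for every svchost.exe outside the system directories."""
    hits = []
    for pid, image in events:
        verdict = classify(image)
        if verdict in ("ayufos-path", "masquerade"):
            hits.append((pid, verdict))
    return hits


if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_EVENTS):
        print(pid, verdict)
```

On Windows Vista and later, the All Users\Application Data folder is a junction to C:\ProgramData, so telemetry may record the same file under that path; the generic "masquerade" verdict covers it.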