
Downloader.Pengdoloder


First posted on 31 March 2015.
Source: Symantec

Aliases :

There are no other names known for Downloader.Pengdoloder.

Explanation :

When the Trojan is executed, it connects to the following location to check the internet connection:
www.microsoft.com
The Trojan may connect to the following locations and download a configuration file:
[http://]update.konamidata.com/test/new/ql/td/inde[REMOVED]
[http://]update.konamidata.com/test/zcj/td/inde[REMOVED]
[http://]update.konamidata.com/test/new0314/zcj/td/inde[REMOVED]
The Trojan saves the downloaded configuration file in the following location:
%Temp%\index.dat
Note: The configuration file contains a list of server addresses.

The Trojan may download and execute potentially malicious files from each server listed in the configuration file.

Note: The Trojan saves the downloaded files in the following location before executing them.
%Temp%\index.dat
The Trojan deletes the following file:
%Temp%\index.dat
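
Added example (not part of the Symantec write-up): a proxy-log check for the configuration-file requests described above, rated higher when the same client made the www.microsoft.com connectivity check shortly before. The log format, the 60-second window and the "XXXX" path suffix are assumptions made for the example.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Indicators from the write-up above. The URL paths are truncated there
# ("inde[REMOVED]"), so they are matched as prefixes only.
CHECK_HOST = "www.microsoft.com"
CONFIG_HOST = "update.konamidata.com"
CONFIG_PATH_PREFIXES = (
    "/test/new/ql/td/inde",
    "/test/zcj/td/inde",
    "/test/new0314/zcj/td/inde",
)
WINDOW = timedelta(seconds=60)  # assumption: correlation window, tune locally


def is_config_fetch(url):
    """True if the URL matches one of the configuration-file locations."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host == CONFIG_HOST and parts.path.lower().startswith(CONFIG_PATH_PREFIXES)


def scan(lines):
    """Return (client, url, confidence) for every configuration-file request."""
    # "high": the same client made the connectivity check within WINDOW
    # before the request, as the write-up describes; otherwise "medium".
    last_check, hits = {}, []
    for line in lines:
        ts, client, _method, url = line.split(None, 3)
        when = datetime.fromisoformat(ts)
        if (urlsplit(url).hostname or "").lower() == CHECK_HOST:
            last_check[client] = when
        elif is_config_fetch(url):
            seen = last_check.get(client)
            recent = seen is not None and timedelta(0) <= when - seen <= WINDOW
            hits.append((client, url, "high" if recent else "medium"))
    return hits


# Constructed sample log (ISO time, client, method, URL); "XXXX" stands in
# for the part of each path that the write-up removed.
SAMPLE_LOG = [
    "2015-03-31T09:00:01 10.0.0.5 GET http://www.microsoft.com/",
    "2015-03-31T09:00:03 10.0.0.5 GET http://update.konamidata.com/test/new/ql/td/indeXXXX",
    "2015-03-31T09:05:00 10.0.0.9 GET http://update.konamidata.com/test/zcj/td/indeXXXX",
    "2015-03-31T09:06:00 10.0.0.7 GET http://update.konamidata.com/other/path",
    "2015-03-31T09:07:00 10.0.0.7 GET http://www.microsoft.com/",
]
```

A hit on its own is worth checking against endpoint telemetry for a file written to, run from and then deleted at %Temp%\index.dat.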

Last update 31 March 2015

 
