
Trojan:Win32/Urausy.D


First posted on 08 May 2013.
Source: Microsoft

Aliases:

There are no other names known for Trojan:Win32/Urausy.D.

Explanation:



Installation

This trojan drops the following files:

  • %APPDATA%\skype.dat - copy of itself
  • %APPDATA%\skype.ini - data file it uses


It creates the following registry entry so that it runs every time Windows starts:

In subkey: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Sets value: shell
With data: explorer.exe,%APPDATA%\skype.dat
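
A read-only PowerShell check for the two installation artifacts described above, added here as an example and not part of the original Microsoft write-up. The variable names and the rule that only explorer.exe (bare or under %windir%) counts as an expected shell entry are assumptions of this example.

```powershell
# Added example (not from the original write-up): read-only check of the
# current user's profile for the artifacts this page lists.
$winlogonKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$findings = @()

# Per-user Winlogon "shell" value: a comma-separated list of programs
# started at logon.
$shell = (Get-ItemProperty -Path $winlogonKey -Name 'Shell' -ErrorAction SilentlyContinue).Shell
if ($shell) {
    $entries = $shell -split ',' | ForEach-Object { $_.Trim().Trim('"') } | Where-Object { $_ }
    foreach ($entry in $entries) {
        $expanded = [Environment]::ExpandEnvironmentVariables($entry)
        $leaf = Split-Path -Path $expanded -Leaf
        $dir  = Split-Path -Path $expanded -Parent
        # Assumption: only explorer.exe, bare or under %windir%, is expected.
        $expected = ($leaf -ieq 'explorer.exe') -and ((-not $dir) -or ($dir -ieq $env:windir))
        if (-not $expected) {
            $findings += [pscustomobject]@{ Check = 'Winlogon shell entry'; Detail = $expanded }
        }
    }
}

# Dropped files; -Force so hidden or system files are still returned.
foreach ($name in 'skype.dat', 'skype.ini') {
    $path = Join-Path -Path $env:APPDATA -ChildPath $name
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($file) {
        $detail = '{0} ({1} bytes, modified {2:u})' -f $file.FullName, $file.Length, $file.LastWriteTime
        $findings += [pscustomobject]@{ Check = 'Dropped file'; Detail = $detail }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output 'No Urausy.D installation artifacts found for this user.' }
```

Both the registry subkey and %APPDATA% are per-user, so the check has to run in the session of the account being examined.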



Payload

Prevents computer access

Trojan:Win32/Urausy.D displays a full screen image that prevents you from accessing your computer. The image it shows depends on your computer's language locale. Some of the servers it is known to connect to are:

  • ckza.ru
  • efdp.su




Analysis by Daniel Radu

Last update 08 May 2013

 
