Trojan.Yather


First posted on 12 March 2014.
Source: Symantec

Aliases:

There are no other names known for Trojan.Yather.

Explanation:

When the Trojan is executed, it creates the following folder:
%UserProfile%\Application Data\sjacdasbweourvn

The Trojan then creates the following files:
%UserProfile%\Application Data\sjacdasbweourvn\kruohrflnh.exe
%UserProfile%\Application Data\sjacdasbweourvn\nymgtpoqc.exe

Next, the Trojan creates the following registry entry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Application Locator Session Logs Redirector" = "%UserProfile%\Application Data\sjacdasbweourvn\nymgtpoqc.exe"

The Trojan then connects to the following remote location:
[http://]captainstrong.net/forum/searc[REMOVED]

The Trojan may then perform the following activities:
Download and execute files from remote locations

Last update 12 March 2014

 
