
Trojan:Win32/Collti.A


First posted on 14 September 2012.
Source: Microsoft

Aliases:

Trojan:Win32/Collti.A is also known as Trojan-Spy.Win32.Kaidos.g (Kaspersky), TrojanSpy.Kaidos!oXFSUrNZJjk (VirusBuster), TR/Collti.A.5 (Avira), Gen:Variant.Graftor.40190 (BitDefender), Trojan-Spy.Win32.Kaidos (Ikarus).

Explanation:



Trojan:Win32/Collti.A is a DLL file that can be used as a component for other malware.



Installation

Trojan:Win32/Collti.A is a file that can be bundled with other malware and act as one of its components. It may have the file name "CollecterLib_Win32.dll".



Payload

Steals information about your computer

Trojan:Win32/Collti.A can collect the following information and send it to the remote server "xiaochencc.com" or "sdo.com":

  • Application ID
  • Browsing history
  • Channel
  • Computer name
  • CPU ID
  • CPU name
  • Current date and time
  • Device ID
  • Hard Disk ID
  • IP address
  • MAC address
  • Mainboard code
  • Mainboard name
  • Operating system version
  • Registry keys
  • Running processes
  • SDK version
  • Session ID
  • User name
  • Windows Security Identifier (SID)
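
The file name under Installation and the two server names above can be turned into a simple hunt over DNS logs and a file inventory. The following is an added example, not part of Microsoft's write-up; the log layout ("timestamp host qname"), the (host, path) inventory, the host names, the paths and the subdomain in the sample data are all constructed assumptions.

```python
import ntpath

# Indicators taken from the description above.
C2_DOMAINS = ("xiaochencc.com", "sdo.com")
DLL_NAME = "collecterlib_win32.dll"

def domain_matches(qname):
    """Return the listed domain that qname equals or is a subdomain of, else None.
    Matching is done on label boundaries so 'notsdo.com' does not hit 'sdo.com'."""
    name = qname.strip().rstrip(".").lower()
    for domain in C2_DOMAINS:
        if name == domain or name.endswith("." + domain):
            return domain
    return None

def is_collti_dll(path):
    """Case-insensitive match on the file name only (Windows paths)."""
    return ntpath.basename(path.strip()).lower() == DLL_NAME

def hunt(dns_lines, file_inventory):
    """dns_lines: 'timestamp host qname' strings (assumed format).
    file_inventory: (host, path) tuples (assumed format)."""
    hits = []
    for line in dns_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the hunt
        _, host, qname = parts
        domain = domain_matches(qname)
        if domain:
            hits.append(("dns", host, qname, domain))
    for host, path in file_inventory:
        if is_collti_dll(path):
            hits.append(("file", host, path, DLL_NAME))
    return hits

# Constructed sample data, for illustration only.
SAMPLE_DNS = [
    "2012-09-14T10:00:01Z WS-014 www.example.org",
    "2012-09-14T10:00:05Z WS-014 a.xiaochencc.com.",
    "2012-09-14T10:00:09Z WS-022 notsdo.com",
    "2012-09-14T10:00:12Z WS-022 SDO.COM",
    "2012-09-14T10:00:15Z WS-022 sdo.com.example.net",
]
SAMPLE_FILES = [
    ("WS-014", r"C:\Users\a\AppData\Local\Temp\CollecterLib_Win32.dll"),
    ("WS-022", r"C:\Program Files\App\CollecterLib_Win32.dll.bak"),
    ("WS-031", r"C:\Tools\collecterlib_win32.DLL"),
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_DNS, SAMPLE_FILES):
        print(hit)
```

A host that shows both a file hit and a DNS hit is a stronger lead than either signal alone.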


Disables security applications

Trojan:Win32/Collti.A disables the security application "360SE" if you have it installed on your computer.



Analysis by Marianne Mallen

Last update 14 September 2012

 
