
TrojanDownloader:Win32/Ghodow.A


First posted on 26 May 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/Ghodow.A is also known as Trojan-Downloader.Win32.Ghodow (Ikarus).

Explanation :

TrojanDownloader:Win32/Ghodow.A is the detection for trojan downloader code that is injected into a running process by VirTool:WinNT/Ghodow.A. The trojan downloader attempts to download and execute arbitrary files from a predefined remote Web site.

Installation

This trojan downloader is installed by Trojan:Win32/Ghodow.A, and may be present alongside other Win32/Ghodow components, as follows:

  • %ProgramFiles%\msdn\atixx.sys - detected as VirTool:WinNT/Ghodow.A
  • %ProgramFiles%\msdn\atixi.sys - detected as VirTool:WinNT/Ghodow.B
  • %ProgramFiles%\msdn\000000000 - detected as TrojanDownloader:Win32/Ghodow.A

TrojanDownloader:Win32/Ghodow.A is injected into a chosen process by VirTool:WinNT/Ghodow.A.

Payload

Downloads and executes arbitrary files

TrojanDownloader:Win32/Ghodow.A connects to the remote Web site "ad.qvodcom.com" on TCP port 8881 in order to download and execute arbitrary files. At the time of this writing, the requested file was not available for analysis.

Additional information

Trojan:Win32/Ghodow.A only attempts to affect Windows XP systems. For more information about Trojan:Win32/Ghodow.A, see the description elsewhere in the encyclopedia.
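
The file names and the download host described above can be turned into a simple triage check. The following is an added example, not part of the original encyclopedia entry: it flags the three listed file names under an msdn folder and TCP connections to ad.qvodcom.com on port 8881. The key=value log format, the function names and the sample data are assumptions constructed for illustration.

```python
import ntpath

# Indicators quoted from the description above.
FILE_IOCS = {
    "atixx.sys": "VirTool:WinNT/Ghodow.A",
    "atixi.sys": "VirTool:WinNT/Ghodow.B",
    "000000000": "TrojanDownloader:Win32/Ghodow.A",
}
C2_HOST, C2_PORT = "ad.qvodcom.com", 8881

def match_file(path):
    """Return the detection name for <anything>\\msdn\\<known file>, else None.

    %ProgramFiles% is localized and may appear as an 8.3 short name, so only
    the last two path components are compared, case-insensitively.
    """
    p = ntpath.normcase(path.strip().strip('"'))  # lower-case, '/' -> '\\'
    if ntpath.basename(ntpath.dirname(p)) != "msdn":
        return None
    return FILE_IOCS.get(ntpath.basename(p))

def match_conn(line):
    """True if a key=value log line records TCP traffic to the download host."""
    f = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
    host = f.get("dst", "").lower().rstrip(".")  # ignore case and trailing dot
    return (host == C2_HOST and f.get("dport") == str(C2_PORT)
            and f.get("proto", "tcp").lower() == "tcp")

def triage(paths, log_lines):
    """Collect (kind, evidence, detail) findings from a file list and a log."""
    hits = [("file", p, name) for p in paths if (name := match_file(p))]
    hits += [("network", l, f"{C2_HOST}:{C2_PORT}") for l in log_lines if match_conn(l)]
    return hits

# Constructed sample input (not from a real host).
SAMPLE_PATHS = [
    r"C:\Program Files\msdn\atixx.sys",
    r"C:\PROGRA~1\MSDN\000000000",
    r"C:\Program Files\ATI\atixx.sys",       # known name, wrong folder
    r"C:\WINDOWS\system32\drivers\atapi.sys",
]
SAMPLE_LOG = [
    "ts=2010-05-26T10:02:11 src=10.0.0.14 dst=AD.QVODCOM.COM. dport=8881 proto=tcp",
    "ts=2010-05-26T10:02:15 src=10.0.0.14 dst=ad.qvodcom.com dport=80 proto=tcp",
    "ts=2010-05-26T10:03:40 src=10.0.0.22 dst=example.org dport=8881 proto=tcp",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_PATHS, SAMPLE_LOG):
        print(finding)
```

Only the host and port combination named in the description is flagged; traffic to the same host on other ports is left for the analyst to review separately.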

Analysis by Chun Feng

Last update 26 May 2010
