First posted on 24 April 2020.
Trojan:Win32/Conhook.D is also known as Trojan-Downloader.Win32.Tiny.id, Generic Downloader.z, W32/Tiny.AHW, Trojan.Vundo.
Trojan:Win32/Conhook.D attempts to download content from a remote Web site. Trojan:Win32/Conhook.D injects its code into running processes, which could, depending on configuration, allow the Trojan to bypass permission-based firewalls in order to gain Internet access.

When Trojan:Win32/Conhook.D is run, it performs the following actions:

Modifies the following registry entries:
Set "(default)" = "4877f10167414601835343328a816dfa"
In subkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC
Set "ProxyBypass" = "1"
In subkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

Connects to a remote Web site to download content using a server-side script
Last update 24 April 2020