Win32/TrojanDownloader.Tovkater [Threat Name]

Win32/TrojanDownloader.Tovkater.HB [Threat Variant Name]

Category trojan
Size 186258 B
Detection created Nov 13, 2017
Detection database version 16401
Aliases Trojan-Downloader.Win32.Tovkater.aefi (Kaspersky)
  Trojan.InstallMonster.2411 (Dr.Web)

Short description

Win32/TrojanDownloader.Tovkater.HB is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.


The trojan may create the following folders:

  • %temp%\ns%variable%.tmp\

A string with variable content is used instead of %variable%.


The trojan may create the following files:

  • %temp%\ns%variable%.tmp\crub.exe
  • %temp%\ns%variable%.tmp\cmutil.dll
  • %temp%\ns%variable%.tmp\colbact.dll
  • %temp%\ns%variable%.tmp\nsJSON.dll
  • %temp%\ns%variable%.tmp\INetC.dll

Other information

The trojan contains a list of 2 URLs.

It tries to download a file from these addresses.


The file is stored in the following location:

  • %temp%\ns%variable%.tmp\foerta88.exe

The file is then executed. The HTTP protocol is used in the communication.


The trojan then deletes the following files:

  • %temp%\ns%variable%.tmp\crub.exe
  • %temp%\ns%variable%.tmp\cmutil.dll
  • %temp%\ns%variable%.tmp\colbact.dll
  • %temp%\ns%variable%.tmp\nsJSON.dll
  • %temp%\ns%variable%.tmp\INetC.dll
  • %temp%\ns%variable%.tmp\foerta88.exe
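
The staging-folder behaviour described above can be checked against file-creation telemetry. The following Python is an added example, not part of the original description: the event paths are constructed, and the names score_events, STRONG, WEAK and STAGING are hypothetical.

```python
import re
from collections import defaultdict

# File names taken from the description above (lower-cased for comparison).
STRONG = {"crub.exe", "cmutil.dll", "colbact.dll", "foerta88.exe"}
# nsJSON.dll and INetC.dll are also the names of common NSIS installer
# plug-ins, so on their own they are treated as weak signals only.
WEAK = {"nsjson.dll", "inetc.dll"}

# Matches <anything>\ns<variable>.tmp\<file>. The page does not document the
# shape of <variable>, so any run of non-separator characters is accepted.
STAGING = re.compile(r"^(?P<dir>.*\\ns[^\\]+\.tmp)\\(?P<name>[^\\]+)$",
                     re.IGNORECASE)

def score_events(events):
    """Group file-create paths by staging folder and rate each folder."""
    seen = defaultdict(set)
    for path in events:
        # Strip soft hyphens that copy-pasted indicator lists often carry.
        m = STAGING.match(path.replace("\u00ad", "").strip())
        if m:
            seen[m.group("dir").lower()].add(m.group("name").lower())
    verdicts = {}
    for folder, names in seen.items():
        strong, weak = names & STRONG, names & WEAK
        if strong:
            verdicts[folder] = ("match", sorted(strong | weak))
        elif weak:
            verdicts[folder] = ("installer-like", sorted(weak))
    return verdicts

# Constructed sample: target paths as a file-creation log would record them.
SAMPLE_EVENTS = [
    r"C:\Users\alice\AppData\Local\Temp\nsA1B2.tmp\INetC.dll",
    r"C:\Users\alice\AppData\Local\Temp\nsA1B2.tmp\nsJSON.dll",
    r"C:\Users\alice\AppData\Local\Temp\nsA1B2.tmp\crub.exe",
    r"C:\Users\alice\AppData\Local\Temp\nsA1B2.tmp\foerta88.exe",
    r"C:\Users\bob\AppData\Local\Temp\nsC3D4.tmp\INetC.dll",   # weak only
    r"C:\Users\bob\AppData\Local\Temp\report.tmp\crub.exe",    # wrong folder
]

if __name__ == "__main__":
    for folder, (verdict, names) in score_events(SAMPLE_EVENTS).items():
        print(f"{verdict:15} {folder}  {', '.join(names)}")
```

Because the trojan deletes these files after execution, run the check over file-creation telemetry rather than over the current contents of the disk.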
