F-Secure
Tools
Trojan:W32/Sacom.A
| Name : | Trojan:W32/Sacom.A |
| Size: | 46080 |
| Category: | Malware |
| Type: | Trojan |
| Platform: | W32 |
Summary
A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.
Details
File System Changes
Creates these files:
• %windir%\system32\comsa32.sys
• %windir%\Documents and Settings\[Username]\Local Settings\Temp\mta[Random Number].dll
Additional Details
This trojan attempts to contact the following domains:
The trojan is most probably attempting to download additional malware, or act as a silent advertisement clicker.
Registry
The trojan adds the following values to the registry.
These registry valued are encoded characters.
• jsactivity.com
• bfkq.com
• http://cnwebmastersblog.com/xabc/2.0/
• http://74.54.89.66/p0821/2.0/
• http://74.54.201.210/p0821/2.0/
• http://174.133.147.18/p0821/2.0/
• 74.54.201.210
• 74.55.37.210
• 74.54.89.66
• 174.133.126.2
The trojan is most probably attempting to download additional malware, or act as a silent advertisement clicker.
Registry
The trojan adds the following values to the registry.
• HKLM
• HKLM\SOFTWARE\Microsoft\WBEM
These registry valued are encoded characters.