Home > Threat descriptions >

InService.gi

Classification

Category: Malware

Type: Trojan

Aliases: InService.gi, Trojan-Downloader.Win32.InService.gi

Summary


Trojan-Downloader.Win32.Inservice.gi is a trojan that downloads and executes three files from the web.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


The trojan downloader's file is 13824 bytes long PE executable. It has not been packed by any executable compressor.

It contains a small script engine that the trojan uses to execute a script embedded in the trojan body. The script downloads three files from the domain 'ddl-help.info'. We have reported the abuse to the ISP hosting the website.

The files are stored into the following locations:

%TEMP%/mute[randomnumber].exe
%TEMP%/volume[randomnumber].exe
%TEMP%/bass[randomnumber].exe
 

For example:

C:\Documents and Settings\user\Local Settings\Temp\mute41.exe
 

The downloaded files are detected as 'Trojan-Downloader.Win32.Centim.ao', 'Trojan-Downloader.Win32.Agent.mz' and 'Trojan-Dropper.Win32.Agent.jw'.