Win32/Idsohtu [Threat Name]

Win32/Idsohtu.J [Threat Variant Name]

Category trojan
Size 46080 B
Detection created Feb 16, 2016
Detection database version 13038
Short description

The trojan serves as a backdoor. It can be controlled remotely.

Installation

The trojan does not create any copies of itself.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of 2 URLs. It communicates over HTTP.


It may perform the following actions:

  • delete Registry entries
  • run executable files

The trojan may attempt to download files from the Internet.


The file is stored in the following location:

  • %windir%\System32\regdel.dat

After decryption the data is saved in the following files:

  • %windir%\System32\regdel.ini

The performed action depends entirely on data the trojan receives from the Internet.


The trojan may delete the following files:

  • %windir%\System32\regdel.ini
