OnLineGames.RU is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in a malicious way. Trojans do not replicate or spread to other computers. OnLineGames.RU is compressed using the Embedded_I#096f2 executable packer and its file size is 138,767 bytes.
It uses the network connection:
- Looks for an Internet connection.
- Downloads file from http://www.456kill.com/xx/yy.exe as C:\WINDOWS\TEMP\yy.exe.
- Connects to "www.456kill.com" on port 80 (TCP).
- Opens URL: http://www.456kill.com/xx/yy.exe.
OnLineGames.RU drops the following files on the hard drive:
- C:\WINDOWS\TEMP\k.dll (31935 bytes)
- C:\WINDOWS\TEMP\yy.exe (4096 bytes)
It also contains anti-debugging code, starts the downloaded file (a potential security problem), and monitors the list of running processes.