Trojan:Win32/Ceatrg.A is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
When executed, Trojan:Win32/Ceatrg.A copies itself to the following locations:
- c:\documents and settings\administrator\application data\adobeart.exe
- c:\documents and settings\administrator\application data\microsoft\winnt.tmp
The malware modifies the following registry entries to ensure that its copy executes at each Windows start:
Adds value: "AdobeART"
With data: "c:\documents and settings\administrator\application data\adobeart.exe"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Contacts remote host
Trojan:Win32/Ceatrg.A may contact a remote host at yz.hdddos.com using port 1338. Commonly, malware may contact a remote host for the following purposes:
- To report a new infection to its author
- To receive configuration or other data
- To download and execute arbitrary files (including updates or additional malware)
- To receive instructions from a remote attacker
- To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 82b772457f46b4bc25fe8f518877c8571f52e39f.