Trojan:Win32/Danmec.M is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Trojan:Win32/Danmec.M creates the following files on an affected computer:
c:\documents and settings\administrator\local settings\temp\_check32.bat
c:\documents and settings\administrator\local settings\temp\~7.tmp
Note: <system folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the System folder is C:\Winnt\System32 for Windows 2000 and NT, and C:\Windows\System32 for XP, Vista, and 7.
Contacts remote hosts
Trojan:Win32/Danmec.M may contact the following remote hosts:
220.127.116.11 using port 80
18.104.22.168 using port 80
22.214.171.124 using port 80
ns.uk2.net using port 53
www.web.de using port 80
www.yahoo.com using port 80
Commonly, malware may contact a remote host for the following purposes:
To confirm Internet connectivity
To report a new infection to its author
To receive configuration or other data
To download and execute arbitrary files (including updates or additional malware)
To receive instruction from a remote attacker
To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 a9fec70a9e163a5966a37f9c533c2ae1fd1127d1.