Trojan:Win32/Dogrobot.A is a trojan that installs a trojan downloader, terminates security-related services and processes, and may spread to other computers across a network by exploiting a vulnerability mitigated by Microsoft Security Bulletin MS08-067.
Trojan:Win32/Dogrobot.A may be installed by other malware such as Backdoor:Win32/Farfli.I. This trojan may be present as a DLL component in the Windows folder under names such as the following:
This trojan may attempt to spread to other computers across a network by exploiting a vulnerability mitigated by Microsoft Security Bulletin MS08-067. The malware attempts to send exploit code that attacks the Windows Server service on discovered vulnerable computers. If the malware can successfully exploit the target computer, it could execute remote code that installs a copy of the malware.
When Trojan:Win32/Dogrobot.A is run, it drops malware as follows:
%windir%\System32\windowsjiocs.dll - Trojan:Win32/Dogrobot.A
The dropped component "windowsjiocs.dll" is then executed using the Windows utility "rundll32.exe". The component "migsni.sys" is installed as a service and may be present under the name "Kisstusb".
Trojan:Win32/Dogrobot.A attempts to kill the following security-related processes if they are running:
Downloads other malware
This trojan may attempt to download files or a list of linked files from the website "mck.o0oq.cn".
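A small matcher for the indicators named in this description, run over host events; it is an added example and not part of the original analysis. The event dictionary layout, the function names and the sample events are assumptions constructed for illustration; only the file names, the service name and the host come from the text.

```python
import ntpath

# Indicators taken from the description above (compared case-insensitively).
DLL_NAME, DRIVER_NAME = "windowsjiocs.dll", "migsni.sys"
SERVICE_NAME, DOWNLOAD_HOST = "kisstusb", "mck.o0oq.cn"

def _basename(path):
    """File name of a Windows path, lowercased, surrounding quotes stripped."""
    return ntpath.basename(path.strip().strip('"')).lower()

def _host_matches(query):
    """True for the host or any subdomain, ignoring case and a trailing dot."""
    q = query.strip().rstrip(".").lower()
    return q == DOWNLOAD_HOST or q.endswith("." + DOWNLOAD_HOST)

def match_event(event):
    """Return the Dogrobot.A indicators present in one event dict (assumed schema)."""
    hits, kind = [], event.get("type")
    if kind == "process":
        image = _basename(event.get("image", ""))
        cmd = event.get("command_line", "").lower()
        if image == "rundll32.exe" and DLL_NAME in cmd:
            hits.append("rundll32 loads windowsjiocs.dll")
    elif kind == "file":
        name = _basename(event.get("path", ""))
        if name in (DLL_NAME, DRIVER_NAME):
            hits.append("dropped file " + name)
    elif kind == "service":
        if event.get("name", "").lower() == SERVICE_NAME:
            hits.append("service Kisstusb installed")
        if _basename(event.get("binary", "")) == DRIVER_NAME:
            hits.append("service binary migsni.sys")
    elif kind == "dns" and _host_matches(event.get("query", "")):
        hits.append("DNS lookup of mck.o0oq.cn")
    return hits

def scan(events):
    """Return (event index, indicator) pairs for every hit in a list of events."""
    return [(i, h) for i, e in enumerate(events) for h in match_event(e)]

# Constructed sample events, not captured from a real host. <export> and
# PLACEHOLDER stand in for details the description does not give.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe C:\WINDOWS\system32\WindowsJiocs.dll,<export>"},
    {"type": "service", "name": "Kisstusb", "binary": r"C:\PLACEHOLDER\migsni.sys"},
    {"type": "dns", "query": "MCK.o0oq.cn."},
    {"type": "dns", "query": "mck.o0oq.cn.example.org"},  # look-alike, must not match
    {"type": "process", "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": "rundll32.exe shell32.dll,Control_RunDLL"},  # benign rundll32 use
]
```

`scan(SAMPLE_EVENTS)` flags the first three events and leaves the look-alike domain and the ordinary rundll32 invocation alone.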
Analysis by Hong Jia