TrojanDownloader:Win32/Umbald.A is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components on an affected computer.
When executed, TrojanDownloader:Win32/Umbald.A copies itself to %windir%\winsvchost.exe.
The malware modifies the following registry entry to ensure that its copy executes at each Windows start:
Adds value: "Windows Updater"
With data: "c:\windows\winsvchost.exe"
To subkey: HKCU\Software\Microsoft\windows\currentversion\run
Contacts remote host
TrojanDownloader:Win32/Umbald.A may contact a remote host at a1.livefeed916.com using port 80. Commonly, malware may contact a remote host for the following purposes:
- To report a new infection to its author
- To receive configuration or other data
- To download and execute arbitrary files (including updates or additional malware)
- To receive instructions from a remote attacker
- To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 a02f894bd03fecad453fb333e921570bbf57972b.