TrojanDownloader:Win32/Camec.A is the downloader and installer component for other Win32/Camec.A malware. It disables User Account Control (UAC) and gathers information about the infected computer, which it sends back to a remote server.
Upon execution, TrojanDownloader:Win32/Camec.A checks whether it is running on a computer whose locale is set to Portuguese-Brazil. If the locale is anything else, it exits without performing its malicious routine.
Disables security settings
TrojanDownloader:Win32/Camec.A disables User Account Control (UAC) if the operating system of the computer is Windows Vista or Windows 7.
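A defender-side check for the UAC change described above, added here as an example and not part of the original analysis: it parses saved `reg query` output for the standard Windows UAC policy key and reports weakened settings. The page does not say how Camec.A disables UAC, so checking the EnableLUA value is an assumption about the mechanism, and both sample outputs are constructed.

```python
import re

# Standard Windows UAC policy key. The write-up does not name the setting the
# trojan changes, so auditing these values is an assumption about the mechanism.
UAC_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {value_name: int} for REG_DWORD values listed under UAC_KEY."""
    values, in_key = {}, False
    for line in text.splitlines():
        if line and not line[0].isspace():
            # Unindented lines are key headers; track whether we are in UAC_KEY.
            in_key = line.strip().lower() == UAC_KEY.lower()
            continue
        m = VALUE_RE.match(line)
        if in_key and m:
            values[m.group(1)] = int(m.group(2), 16)
    return values

def uac_findings(values):
    """List the UAC settings that are disabled or weakened."""
    findings = []
    if "EnableLUA" not in values:
        findings.append("EnableLUA missing: cannot confirm UAC state")
    elif values["EnableLUA"] == 0:
        findings.append("EnableLUA=0: UAC is disabled")
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: admins elevate without a prompt")
    if values.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts are not on the secure desktop")
    return findings

# Constructed sample output of `reg query` from two hypothetical hosts.
SAMPLE_CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x5
    EnableLUA    REG_DWORD    0x1
    PromptOnSecureDesktop    REG_DWORD    0x1
"""
SAMPLE_DISABLED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x0
    EnableLUA    REG_DWORD    0x0
    PromptOnSecureDesktop    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("disabled", SAMPLE_DISABLED)):
        print(name, uac_findings(parse_reg_query(sample)) or "UAC settings intact")
```

A disabled UAC setting is not specific to this threat, so treat a finding as a prompt to scan the host rather than as confirmation of infection.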
Gathers sensitive information
TrojanDownloader:Win32/Camec.A gathers the following sensitive information:
Logged-in user name
Hard disk serial number
Operating system version
The gathered information is sent back to a remote server.
Downloads and installs other malware
TrojanDownloader:Win32/Camec.A downloads and installs two Browser Helper Objects (BHO) that are detected as other malware:
Note: <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
Analysis by Marian Radu
The following system changes may indicate the presence of this malware:
The presence of the following files: