Alert level

TrojanDownloader:Win32/Kuluoz.E

(?)

Encyclopedia entry
Updated: Oct 15, 2012  |  Published: Oct 03, 2012

Aliases
  • Trojan.Smoaler (Symantec)

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.137.851.0
Released: Oct 01, 2012

 

Summary

TrojanDownloader:Win32/Kuluoz.E is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer.

Top

 

Symptoms

System changes
The following system changes may indicate the presence of this malware:

  • The presence of the following files:

    • <malware file>.txt
    c:\documents and settings\administrator\local settings\application data\msmnmhun.exe


Top

 

Technical Information (Analysis)

TrojanDownloader:Win32/Kuluoz.E is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer.
Installation
When executed, TrojanDownloader:Win32/Kuluoz.E copies itself to c:\documents and settings\administrator\local settings\application data\msmnmhun.exe.

The malware creates the following files on an affected computer:

  • <current folder>\<malware file>.txt
Payload
Contacts remote hosts
TrojanDownloader:Win32/Kuluoz.E may contact the following remote hosts:

  • 178.77.103.54 using port 8080
  • 188.212.156.180 using port 8080
  • 202.169.224.202 using port 8080
  • 213.175.218.180 using port 8080
  • 213.175.218.181 using port 8080
  • 217.160.236.108 using port 84
  • 46.105.121.86 using port 8080
  • 46.4.180.98 using port 8080
  • 50.22.136.150 using port 8080
  • 94.247.176.157 using port 8080

Commonly, malware may contact a remote host for the following purposes:
  • To confirm Internet connectivity
  • To report a new infection to its author
  • To receive configuration or other data
  • To download and execute arbitrary files (including updates or additional malware)
  • To receive instruction from a remote attacker
  • To upload data taken from the affected computer

This malware description was produced and published using our automated analysis system's examination of file SHA1 bcad25b6b7ad315ea5a89d09e9768fe7906bd602.

Top

 

Prevention

Take these steps to help prevent infection on your computer.


Top

 

Recovery

To detect and remove this threat and other malicious software that may have been installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following: For more information about using antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Top

Provide feedback