TrojanDownloader:Win32/Pluzoks.A is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer.
modifies the following registry entries to ensure that its copy executes at each Windows start:
Adds value: "ozplusv3"
With data: "<malware file>.exe"
To subkey: HKCU\Software\Microsoft\windows\currentversion\run
The malware creates the following files on an affected computer:
Contacts remote host
TrojanDownloader:Win32/Pluzoks.A may contact a remote host at www.ozplus.kr using port 80. Commonly, malware may contact a remote host for the following purposes:
- To report a new infection to its author
- To receive configuration or other data
- To download and execute arbitrary files (including updates or additional malware)
- To receive instruction from a remote attacker
- To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 fa33104ddcb64f908f29b870c9b75bee9514ad0a.