-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\cfgb
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\diablo130302.cl
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\diakgcn121016.cl
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\libblkmaker-0.1-0.dll
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\libblkmaker_jansson-0.1-0.dll
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\libcurl-4.dll
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\libcurl.dll
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\libeay32.dll
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\libidn-11.dll
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\libjansson-4.dll
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\libpdcurses.dll
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\libusb-1.0.dll
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\pdcurses.dll
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\phatk121016.cl
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\poclbm130302.cl
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\pthreadgc2.dll
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\rybecrtbdxr.exe
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\scrypt130511.cl
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\ssleay32.dll
-
c:\documents and settings\administrator\local settings\temp\wwrbtcfest\zlib1.dll
Trojan:Win32/Tarcloin.J can contact the following remote hosts:
- litecoinpool.org using port 3333
- mine.pool-x.eu using port 8000
- pastebin.com using port 80
- stratum.give-me-ltc.com using port 3333
Commonly, malware contacts a remote host to:
- Confirm Internet connectivity
- Report a new infection to its author
- Receive configuration or other data
- Download and run files (including updates and other malware)
- Receive instruction from a remote hacker
- Upload information taken from your PC
This malware description was produced and published using automated analysis of file SHA1 c6d5330c80f4277f49a50d370b26954807c1b6f0.
