Trojan:Win32/Korpit.A is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Trojan:Win32/Korpit.A creates the following files on an affected computer:
<system folder>\bs.dll - detected as Trojan:Win32/Korpit.A
c:\documents and settings\administrator\application data\microsoft\crypto\rsa\s-1-5-21-1844237615-2111687655-839522115-500\a18ca4003deb042bbee7a40f15e1970b_7f5ed85d-6828-4f92-858c-f40b0ac68138
Note: <system folder> refers to a variable location that the malware determines by querying the operating system. The default location of the System folder is C:\Winnt\System32 on Windows 2000 and NT, and C:\Windows\System32 on XP, Vista, and 7.
Contacts remote host
Trojan:Win32/Korpit.A may contact a remote host at daeilho.net using port 80. Commonly, malware may contact a remote host for the following purposes:
To report a new infection to its author
To receive configuration or other data
To download and execute arbitrary files (including updates or additional malware)
To receive instructions from a remote attacker
To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of the file with SHA1 9d70fe764daff117512a98f6dba8d87b488b13be.