TrojanDownloader:Win32/Genome.O

TrojanDownloader:Win32/Genome.O is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer.

When executed, TrojanDownloader:Win32/Genome.O copies itself to c:\documents and settings\administrator\application data\hex-5823-6893-6818\jutched.exe.

The malware modifies the following registry entries to ensure that its copy executes at each Windows start:

Adds value: "Java Update Manager"
With data: "c:\documents and settings\administrator\application data\hex-5823-6893-6818\jutched.exe"
To subkey: HKCU\Software\Microsoft\windows\currentversion\run

Peer-to-Peer file sharing
TrojanDownloader:Win32/Genome.O may attempt to spread via Peer-to-Peer(P2P) file sharing by copying itself to the shared folders of particular P2P file sharing applications. The worm copies itself to the shared folders of these applications using file names designed to entice other users of the file sharing network into downloading and running copies of the worm.

The following table details this behavior:

 

If the following programs are installed:	Then the malware may copy itself to the following folders:	Using one of the following file names:
bearshare eMule kazaa limewire	%programfiles%\bearshare\shared\ %programfiles%\emule\incoming\ %programfiles%\kazaa lite\my shared folder\ %programfiles%\kazaa\my shared folder\ %programfiles%\limewire\shared\	dll.exe

Modifies system security settings

This malware description was produced and published using our automated analysis system's examination of file SHA1 08a08bb7f08ebbf5e7f15bca4a3ca4f20d3e6db7.