TrojanDownloader:Win32/Obitel.gen!A is a trojan that downloads and executes arbitrary files.
When executed, TrojanDownloader:Win32/Obitel.gen!A copies itself to:
It also drops the following files:
<system folder>\stus.exe - this file is not malicious
%Temp%\in<random alphanumeric character>.tmp (e.g. ina.tmp) - this file is detected as TrojanDownloader:Win32/Obitel
Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32.
Downloads and Executes Arbitrary Files
The file detected as TrojanDownloader:Win32/Obitel contains a hard-coded list of URLs for the main downloading component, TrojanDownloader:Win32/Obitel.gen!A, to download and execute files from. These files may include additional malware.
In the wild, Win32/Obitel has been observed contacting the following domains for this purpose: