Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W32/Cossta

Overview

Threat Risk LOW LOW
Destructivity Unknown UNKNOWN
Payload
Detection files published
Description created 23 Mar 2010 02:28:00
Description updated 23 Mar 2010 02:28:00
Malware type TROJAN
Alias Trojan.Win32.Cossta (Kaspersky)
Troj/Cossta (Sophos)
Trojan Horse (Symantec)
Trojan.Win32.Cossta (F-Secure)
Spreading mechanism UNKNOWN
Summary

W32/Cossta

Spreading

On execution, the malware drops a duplicate md5 in the startup location, like IExplorer.exe or tsgmgr.exe, depending on variant. To mark its presence in the system, the following mutex object was created: )!VoqA.I4 and creating a run entry for the same dropped file. It is trying to access the following http:// [Removed] .com.

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:12