Win32/Sazoora [Threat Name]
Win32/Sazoora.A [Threat Variant Name]
| Detection created | Aug 28, 2012 |
| Signature database version | 7424 |
Win32/Sazoora.A is a trojan that steals passwords and other sensitive information. The trojan attempts to send gathered information to a remote machine.
When executed, the trojan copies itself into the following location:
In order to be executed on every system start, the trojan sets the following Registry entry:
- "WindowsHost" = "%appdata%\WinHost\svchost.exe"
The trojan may set the following Registry entries:
- "path" = "%appdata%\WinHost\svchost.exe"
- "guid" = "%variable%"
- "installed" = 1
- "scan" = 1
- "count" = %number%
A string with variable content is used instead of %variable%.
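The autostart indicators above can be turned into a triage check. The following is an added example, not code from the vendor's write-up: it scans exported autostart entries for the "WindowsHost" value name, the `%appdata%\WinHost\svchost.exe` path, and more generally any `svchost.exe` started from outside the system directory. Assumptions: entries are already exported as (name, command) pairs because the page does not name the Registry key, Windows is installed under `C:\Windows`, and the function names and sample data are constructed for illustration.

```python
import ntpath
import re

# Indicators as listed on this page (compared case-insensitively).
IOC_VALUE_NAME = "windowshost"
IOC_PATH_SUFFIX = r"\winhost\svchost.exe"
# Assumption: the genuine svchost.exe runs only from these directories.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def image_path(command, env):
    """Return the normalized, lower-cased executable path of an autostart command."""
    command = command.strip()
    if command.startswith('"'):          # quoted path, arguments may follow
        exe = command[1:].split('"', 1)[0]
    else:                                # unquoted: cut after the first ".exe" token
        match = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
        exe = match.group(1) if match else command
    # Expand %VAR% tokens from the supplied environment; unknown ones stay literal.
    exe = re.sub(r"%([^%]+)%", lambda v: env.get(v.group(1).lower(), v.group(0)), exe)
    return ntpath.normpath(exe).lower()

def classify(name, command, env):
    """Return the reasons an autostart entry looks suspicious (empty list = no hit)."""
    path = image_path(command, env)
    reasons = []
    if name.lower() == IOC_VALUE_NAME:
        reasons.append("value name matches page indicator")
    if path.endswith(IOC_PATH_SUFFIX):
        reasons.append("path matches page indicator")
    if ntpath.basename(path) == "svchost.exe" and ntpath.dirname(path) not in LEGIT_DIRS:
        reasons.append("svchost.exe outside system directory")
    return reasons

def scan(entries, env):
    """Map entry name -> reasons for every entry with at least one hit."""
    hits = {}
    for name, command in entries:
        reasons = classify(name, command, env)
        if reasons:
            hits[name] = reasons
    return hits

# Constructed sample data, not taken from a real host.
SAMPLE_ENV = {"appdata": r"C:\Users\alice\AppData\Roaming", "systemroot": r"C:\Windows"}
SAMPLE_ENTRIES = [
    ("WindowsHost", r"%appdata%\WinHost\svchost.exe"),
    ("Updater", r'"C:\Program Files\Vendor\update.exe" /silent'),
    ("HostSvc", r"%SystemRoot%\System32\svchost.exe -k netsvcs"),
    ("Helper", r'"C:\Users\alice\AppData\Local\Temp\SVCHOST.EXE"'),
]
```

Calling `scan(SAMPLE_ENTRIES, SAMPLE_ENV)` flags the "WindowsHost" entry on all three checks and the "Helper" entry on the location check only; the genuine System32 `svchost.exe` entry is not flagged.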
Win32/Sazoora.A is a trojan that steals sensitive information.
The following information is collected:
- login user names for certain applications/services
- login passwords for certain applications/services
It can execute the following operations:
- modify network traffic
- monitor network traffic
The following programs are affected:
- Internet Explorer
- Mozilla Firefox
- Google Chrome
The trojan attempts to send gathered information to a remote machine.
The trojan acquires data and commands from a remote computer or the Internet.
The trojan contains a list of (3) URLs. The HTTP protocol is used in the communication.