Troj/Battry-A is a backdoor Trojan for the Windows platform.
Troj/Battry-A includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/Battry-A tries to connect to a pre-configured IRC server, from where it can receive further instructions.
When first run Troj/Battry-A copies itself to <Windows folder>\mwoffice.exe and creates the following files:
<Windows folder>\cdromcntrl.exe
<Windows folder>\mwoffice.dll
Both cdromctrl.exe and mwoffice.dll are also detected as Troj/Battry-A. mwoffice.dll is used to log any keystrokes made on an infected computer, and cdromctrl.exe is used to download more malware.
The following registry entries are created to run mwoffice.exe and cdromcntrl.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Update Controller
<Windows folder>\mwoffice.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Cdrom Controller
<Windows folder>\cdromcntrl.exe