Troj/Cosiam-A is a proxy Trojan with backdoor capabilities.
Troj/Cosiam-A will contact a remote location in order to report details of the infected computer, including the port that the Trojan is listening on, the computer's IP and operating system. The Trojan may then download configuration data.
Troj/Cosiam-A is capable of downloading and running further executable files.
When first run, Troj/Cosiam-A will copy itself to the Windows system folder as ATIPTEXT.EXE. In order to run automatically each time a user logs on, Troj/Cosiam-A will set the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
atiptext
<Windows system folder>\atiptext.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
atiptext
<Windows system folder>\atiptext.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
atiptext
<Windows system folder>\atiptext.exe
Troj/Cosiam-A will create the following registry branch:
HKLM\Software\Microsoft\ATI_VER