Troj/Cosiam-D is a proxy Trojan with backdoor Trojan capabilities.
Troj/Cosiam-D will contact a remote location in order to report details of the infected computer, including the port that the Trojan is listening on, the computer's IP and operating system. The Trojan may then download configuration data.
Troj/Cosiam-D is capable of downloading and running further executable files.
When first run, Troj/Cosiam-D will copy itself to the Windows system folder as leeman.exe. In order to run automatically each time a user logs in, Troj/Cosiam-D will set the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
leeman
<System>\leeman.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
leeman
<System>\leeman.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
leeman
<System>\leeman.exe
Troj/Cosiam-D creates the following registry entry:
HKLM\SOFTWARE\Microsoft
ATI_VER
Troj/Cosiam-D may download and execute files from a remote website to a file dxvw<4 numbers>.exe in the Windows system or Temp folder.
Troj/Cosiam-D may create an empty file bin28.log in the Windows system folder.
The Trojan is capable of performing Denial of Service (DoS) attacks on remote computers.