Troj/Cosiam-E is a proxy Trojan with backdoor capabilities.
Troj/Cosiam-E will contact a remote location in order to report details of the infected computer.
Troj/Cosiam-E is capable of downloading and running further executable files.
Troj/Cosiam-E may download and execute files from a remote website.
Troj/Cosiam-E is a proxy Trojan with backdoor capabilities.
Troj/Cosiam-E will contact a remote location in order to report details of the infected computer, including the port that the Trojan is listening on, the computer's IP and operating system. The Trojan may then download configuration data.
Troj/Cosiam-E is capable of downloading and running further executable files.
When first run, Troj/Cosiam-E will copy itself to the Windows system folder as multiran.exe. In order to run automatically each time a user logs in, Troj/Cosiam-E will set the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
multiran
<Windows system folder>\multiran.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
multiran
<Windows system folder>\multiran.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
multiran
<Windows system folder>\multiran.exe
Troj/Cosiam-E creates the following registry entry:
HKLM\SOFTWARE\Microsoft
ATI_VER
Troj/Cosiam-E may download and execute files from a remote website to a file dxvw<4 numbers>.exe in the Windows system or Temp folder.
Troj/Cosiam-E may create an empty file bin28.log in the Windows system folder.
The Trojan is capable of performing Denial of Service (DoS) attacks on remote computers.