Troj/Cozdoor-D is a backdoor Trojan for the Windows platform.
When first run Troj/Cozdoor-D copies itself to the Windows System folder with a random filename eight letters long, and drops a DLL file also with a random name eight letters long to the same folder. The DLL file contains the backdoor functionality of the Trojan.
The following registry entry is created to run code exported by the Trojan library on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
SysTray.Exsh
{1768ECFC-4F5C-4f5b-B134-D67294FC78E9}
The DLL is registered as a COM object, creating registry entries under:
HKCR\CLSID\{1768ECFC-4F5C-4f5b-B134-D67294FC78E9}
Once running, the backdoor connects to a pre-specified website where it can receive further commands.