Fandom

Malware Wiki

Tibia

1,327pages on
this wiki
Add New Page
Comments0 Share

Rootkit.Win32.Tibia.aev or Tibia.aev is a rootkit that acts to similar to a worm.

PayloadEdit

During installation, the file saves its configuration to the following file:

%WinDir%\cchost.ini

The rootkit/trojan is designed to flood victims with spam. When launched, it attempts to download the spam that is forwarded to the victims.

http://www.smalltool.net/remotewatch/send_****.php

After that, it will download a list of emails from the following domain.

http://www.smalltool.net/remotewatch/user****.php

It will forward the downloaded spam to the email addresses on the list.

SourcesEdit

Securelist (Kaspersky Labs), Rootkit.Win32.Tibia.aev

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.