A downloader Trojan that consists of two components: a dropper and the downloader itself. It is written in C++ and uses its own algorithm for working with NTFS structures.
The Trojan includes powerful features for detecting debugging and analysis tools. If any such tool is detected, the Trojan removes itself from the system. Once launched, it tries to gain debugger privileges and inject its malicious code into spoolsv.exe. After that, Trojan.Yaryar.1 disables the Windows Security Center service, Automatic Updates, and Windows Firewall, and establishes a connection to remote command and control servers to download the files it needs.