Troj_dloader.rfq

Special Forums Cybersecurity Malware Advisories (RSS)
Posted 04-21-2008

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Behavior Diagram: (image not reproduced in this post)

Malware Overview

This Trojan may be downloaded from a certain remote site(s). It may be downloaded unknowingly by a user when visiting malicious Web site(s).
It creates a registry key as part of its installation routine.
It uses the following icon related to Macromedia Flash Player to trick users into thinking that it is a legitimate file:
Macromedia Flash Player icon: (image not reproduced in this post)

Upon execution, this Trojan displays the following fake message box to trick unsuspecting users into thinking that it fails to execute:
Fake message box: (image not reproduced in this post)

When a user clicks on the OK button, it connects to several Web sites to alert a remote malicious user.
It drops files that are all detected by Trend Micro as TSPY_BANCOS.ABL.
The dropped files are then executed. The Trojan then searches the affected system for the folder C:\Arquivos de Programas, where TROJ_BANKER.PXN is dropped. An error message is displayed if the folder is not found; otherwise, it creates the folder PLUGIN under C:\Arquivos de Programas.
It also drops non-malicious files. As a result, routines of the dropped files are exhibited on the affected system.

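As an added defender-side example (not part of the advisory and not Trend Micro's own tooling), the following Python script checks a drive root for the folder indicator the write-up names: the Brazilian-Portuguese Program Files folder `Arquivos de Programas` and the `PLUGIN` sub-folder the payload creates beneath it. The two directory trees it builds are constructed for the demonstration, the placeholder file it writes inside `PLUGIN` is not malware, and on a real host the root to scan would be `C:\`.

```python
"""Host triage helper (added example) for the TROJ_DLOADER.RFQ write-up.

The advisory says the payload looks for the Brazilian-Portuguese Program
Files folder ``C:\\Arquivos de Programas`` and creates a ``PLUGIN``
sub-folder there. scan_root() walks a given root and reports that
indicator; the sample trees built below are constructed for the demo.
"""
import tempfile
from pathlib import Path

# Folder names taken from the advisory, relative to the scanned root
# (on a live host the root would be the C: drive).
PROGRAM_FILES_PT = "Arquivos de Programas"
PLUGIN_DIR = "PLUGIN"


def scan_root(root):
    """Return a dict saying whether the indicator folders exist under
    `root` and, if the PLUGIN folder is there, which files it holds."""
    root = Path(root)
    program_files = root / PROGRAM_FILES_PT
    plugin = program_files / PLUGIN_DIR
    result = {
        "program_files_pt_present": program_files.is_dir(),
        "plugin_folder_found": plugin.is_dir(),
        "plugin_contents": [],
    }
    if plugin.is_dir():
        # Only regular files are listed; sorted for stable output.
        result["plugin_contents"] = sorted(
            p.name for p in plugin.iterdir() if p.is_file()
        )
    return result


def build_sample_tree(base):
    """Constructed layout of an infected Portuguese-localised host: the
    Program Files folder plus the PLUGIN sub-folder holding a placeholder
    file (constructed content, not malware)."""
    plugin = Path(base) / PROGRAM_FILES_PT / PLUGIN_DIR
    plugin.mkdir(parents=True, exist_ok=True)
    (plugin / "placeholder.bin").write_bytes(b"constructed sample, not malware")
    return base


def build_clean_tree(base):
    """Constructed layout of an English-localised host: no Portuguese
    Program Files folder at all, which is the case where the advisory
    says the payload shows an error message instead of installing."""
    (Path(base) / "Program Files").mkdir(parents=True, exist_ok=True)
    return base


def demo_infected():
    """Scan a constructed infected tree; expected plugin_folder_found True."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_root(build_sample_tree(tmp))


def demo_clean():
    """Scan a constructed clean tree; expected plugin_folder_found False."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_root(build_clean_tree(tmp))


if __name__ == "__main__":
    print("infected layout:", demo_infected())
    print("clean layout:", demo_clean())
```

The split into `program_files_pt_present` and `plugin_folder_found` matters because the advisory's install logic branches on the first: an English-localised machine never reaches the PLUGIN step, so absence of the Portuguese folder means only that this particular payload could not complete, not that the downloader itself never ran.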