TR/Dldr.EbayBill.N - Trojan
Virus: TR/Dldr.EbayBill.N
Date discovered: 10/01/2007
Type: Trojan
Subtype: Downloader
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 5.554 Bytes
MD5 checksum: 0dcb370b0faf44e295dc8ca151a0cb72
VDF version: 6.36.01.055
IVDF version: 6.36.01.058
General
Method of propagation:
• No own spreading routine
Aliases:
• McAfee: Downloader-AAP
• Kaspersky: Trojan-Downloader.Win32.Nurech.l
• F-Secure: W32/Small.EAF
• Sophos: Troj/Clagge-Gen
• Grisoft: Downloader.Generic2.XNZ
• Eset: Win32/TrojanDownloader.Small.DQX
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Downloads files
• Lowers security settings
• Registry modification
Files
It tries to download the following files:
– The location is the following:
• http://www.marina.users.digital-crocus.com/1/**********
It is saved on the local hard drive under: %WINDIR%\chii.exe
Furthermore, this file is executed after it has been fully downloaded.
– The location is the following:
• http://www.marina.users.digital-crocus.com/1/**********
It is saved on the local hard drive under: %WINDIR%\zupacha.exe
Furthermore, this file is executed after it has been fully downloaded.
– The location is the following:
• http://www.marina.users.digital-crocus.com/1/**********
It is saved on the local hard drive under: %WINDIR%\1.exe
Furthermore, this file is executed after it has been fully downloaded.
Registry
The following registry key is added:
– [HKLM\SYSTEM\ControlSet\Services\SharedAccess\Parameters\FiREWaLLpolicy\StAnDaRDPrOFiLe\AUtHorizedapplications\List]
• "%malware execution directory%\%executed file%"="%malware execution directory%\%executed file%:*:ENABLED:0"
File details
Programming language:
The malware program was written in MS Visual C++.
Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with the following runtime packer:
• FSG
Inserted by Monica Ghitun on Wed, 10 Jan 2007 09:49 (GMT+1)
Updated by Monica Ghitun on Wed, 10 Jan 2007 09:51 (GMT+1)
© 2010 Avira Soft SRL