TR/Dldr.EbayBill.N - Trojan
Virus: TR/Dldr.EbayBill.N
Date discovered: 10/01/2007
Type: Trojan
Subtype: Downloader
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 5.554 Bytes
MD5 checksum: 0dcb370b0faf44e295dc8ca151a0cb72
VDF version: 6.36.01.055
IVDF version: 6.36.01.058
General
Method of propagation:
• No own spreading routine
Aliases:
• Mcafee: Downloader-AAP
• Kaspersky: Trojan-Downloader.Win32.Nurech.l
• F-Secure: W32/Small.EAF
• Sophos: Troj/Clagge-Gen
• Grisoft: Downloader.Generic2.XNZ
• Eset: Win32/TrojanDownloader.Small.DQX
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Downloads files
• Lowers security settings
• Registry modification
Files
It tries to download some files:
– The location is the following:
• http://www.marina.users.digital-crocus.com/1/**********
It is saved on the local hard drive under: %WINDIR%\chii.exe
Furthermore, this file is executed after it has been fully downloaded.
– The location is the following:
• http://www.marina.users.digital-crocus.com/1/**********
It is saved on the local hard drive under: %WINDIR%\zupacha.exe
Furthermore, this file is executed after it has been fully downloaded.
– The location is the following:
• http://www.marina.users.digital-crocus.com/1/**********
It is saved on the local hard drive under: %WINDIR%\1.exe
Furthermore, this file is executed after it has been fully downloaded.
Registry
The following registry key is added:
– [HKLM\SYSTEM\ControlSet\Services\SharedAccess\Parameters\FiREWaLLpolicy\StAnDaRDPrOFiLe\AUtHorizedapplications\List]
• "%malware execution directory%\%executed file%"="%malware execution directory%\%executed file%:*:ENABLED:0"
File details
Programming language:
The malware program was written in MS Visual C++.
Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with the following runtime packer:
• FSG
Inserted by Monica Ghitun on Wed, 10 Jan 2007 09:49 (GMT+1)
Updated by Monica Ghitun on Wed, 10 Jan 2007 09:51 (GMT+1)
© 2010 Avira Soft SRL