TR/Dldr.EbayBill.M - Trojan

See also

Full description

Virus:	TR/Dldr.EbayBill.M
Date discovered:	09/01/2007
Type:	Trojan
Subtype:	Downloader
In the wild:	No
Reported Infections:	Low
Distribution Potential:	Low
Damage Potential:	Low to medium
Static file:	Yes
File size:	17.920 Bytes
MD5 checksum:	00879394f785800d37f28b09d8d9c407
VDF version:	6.36.01.033
IVDF version:	6.36.01.036

General Method of propagation:
   • No own spreading routine

Aliases:
   • Mcafee: Downloader-AAP
   • Kaspersky: Trojan-Downloader.Win32.Nurech.h
   • F-Secure: W32/Agent.BBM
   • Grisoft: Proxy.IED
   • Eset: Win32/TrojanDownloader.Nurech.H

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Downloads a file
   • Registry modification

Files It tries to download a file:

– The location is the following:
• http://zxcvz.com/**********
At the time of writing this file was not online for further investigation.

Registry The following registry keys are added:

– [HKCU\Software\unker]
– [HKCU\Software\unker\%executed file%]
– [HKCU\Software\unker\%executed file%\main]
• "cid"=%hex number%

Miscellaneous Mutex:
It creates the following Mutex:
• NIonioionwfoinwefoinwneiofinweonfiniwefnbvurueb

File details Programming language:
The malware program was written in MS Visual C++.

Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

See a brief description here.

Inserted by Monica Ghitun on Tue, 09 Jan 2007 12:06 (GMT+1)
Updated by Monica Ghitun on Tue, 09 Jan 2007 12:11 (GMT+1)

« Back

TR/Dldr.EbayBill.M - Trojan

Latest News