Agent.BAO is a trojan downloader. It connects to a specified site on the Internet and gets more malicious download links.
Upon execution, it drops a copy of itself from the following location:
It also creates a service with the following service name:
It adds the following service registry entry:
- [HKLM\System\CurrentControlSet\Services\000Kendy Service]
It downloads a text file from the following site:
This text file contains download links of other malware.
Below is the list of some of the download sites gathered and the corresponding detection name of the downloaded files:
Note: The download links may vary depending on the content of the downloaded text file.
Moreover, Agent.BAO also creates a file named autorun.inf in the directory where the copy of the trojan is located. This is used to automatically execute the trojan when the folder is opened.
F-Secure Anti-Virus detects this malware with the following updates:
Version = 2006-11-06_02.