F-Secure
Tools
Trojan-Downloader:W32/Agent.BUV
Summary
Trojan-Downloader:W32/Agent.BUV downloads malicious files from a remote server.
It then executes and installs the downloaded files.
It then executes and installs the downloaded files.
Additional Details
Upon execution, this malware creates a copy of itself at the following location:
It then creates a BAT file that will be used to delete the original file executed by user.
It will then create the following processes:
The file called internat.exe is the malware's own process.
It attempts to download additional files from the following URLs:
Note: The URLs were offline during our period of investigation.
- %windir%\system\internat.exe
It then creates a BAT file that will be used to delete the original file executed by user.
It will then create the following processes:
- %windir%\system\internat.exe
- %programfiles%\Internet Explorer\IEXPLORE.EXE
The file called internat.exe is the malware's own process.
It attempts to download additional files from the following URLs:
- http://www.smsunionmm.com/107/tj.htm
- http://www.smsunionmm.com/107/tj10.htm
Note: The URLs were offline during our period of investigation.