Threat Description

Trojan-Downloader:​W32/KDV-176347

Details

Aliases:Trojan-Downloader:​W32/KDV-176347, Trojan.generic.kdv.176347, Trojan-Downloader.Win32.Agent.gctp
Category:Malware
Type:Trojan-Downloader
Platform:W32

Summary



This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details



This trojan is disguised as a DOC file. Upon executing the trojan, it will download a document from a remote site (hxxp://www.epof.ru/[...]/document.doc) and display it, furthering the deception that the trojan is legitimate. Below is a screenshot of the document displayed:

In the meantime, the trojan will attempt to download malicious files from the following URLs:

  • hxxp://www.epof.ru/[...]/load.php?file=0
  • hxxp://www.epof.ru/[...]/load.php?file=1
  • hxxp://www.epof.ru/[...]/load.php?file=2
  • hxxp://www.epof.ru/[...]/load.php?file=3
  • hxxp://www.epof.ru/[...]/load.php?file=4
  • hxxp://www.epof.ru/[...]/load.php?file=5
  • hxxp://www.epof.ru/[...]/load.php?file=6
  • hxxp://www.epof.ru/[...]/load.php?file=7
  • hxxp://www.epof.ru/[...]/load.php?file=8
  • hxxp://www.epof.ru/[...]/load.php?file=9
  • hxxp://www.epof.ru/[...]/load.php?file=uploader
  • hxxp://www.epof.ru/[...]/load.php?file=grabbers

At the time of writing, the domain contacted by the malware is blocked by the Browsing Protection feature of our product.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Scan & clean your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Learn More