F-Secure Malware Information Pages: Trojan:W32/VB.BKX

Summary
Trojans are malicious programs that pretend to be benign. Trojans do not replicate themselves.
Details
File System Changes
Creates these files:
- %temp%\win32.exe
- %windir%\system32\drivers\etc\hosts
Removes these files:
- %cwd%\sample.exe
- %windir%\system32\drivers\etc\hosts
Process Changes
Creates these processes:
- %programfiles%\Internet Explorer\IEXPLORE.EXE
Uses these temporary processes:
- %localsettings%\Temp\win32.exe
Creates these mutexes:
- IEXPLORE.EXE: _SHuassist.mtx
- IEXPLORE.EXE: CritOpMutex
Network Connections
Attempts to download files from:
- http://bux.to/[REMOVED].php
Registry Modifications
Sets these values:
- HKCU\Software\Microsoft\Internet Explorer\Main
  FullScreen = no
- HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
  HRZR_PGYFRFFVBA = \x94\x3F\x43\x0E\x28\x00\x00\x00
Additional Details
The malware's hosts file contains banking-related search strings targeting a bank in the .mx Top Level Domain (TLD).
F-Secure Corporation
Last Modified: June 11, 2008