
F-Secure Malware Information Pages: Trojan:W32/VB.BKX


Name: Trojan:W32/VB.BKX
Detection Names: Trojan.Win32.VB.bkx
Type: Trojan
Category: Malware
Platform: W32

Summary
Trojans are malicious programs that pretend to be benign. Trojans do not replicate themselves.

Details


File System Changes
Creates these files:

  • %temp%\win32.exe
  • %windir%\system32\drivers\etc\hosts


Removes these files:

  • %cwd%\sample.exe
  • %windir%\system32\drivers\etc\hosts



Process Changes
Creates these processes:

  • %programfiles%\Internet Explorer\IEXPLORE.EXE


Uses these temporary processes:

  • %localsettings%\Temp\win32.exe


Creates these mutexes:

  • IEXPLORE.EXE: _SHuassist.mtx
  • IEXPLORE.EXE: CritOpMutex



Network Connections
Attempts to download files from:

  • http://bux.to/[REMOVED].php



Registry Modifications
Sets these values:

  • HKCU\Software\Microsoft\Internet Explorer\Main
    FullScreen = no
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
    HRZR_PGYFRFFVBA = \x94\x3F\x43\x0E\x28\x00\x00\x00



Additional Details
The malware's hosts file contains banking-related search strings targeting a bank in the .mx Top Level Domain (TLD).



F-Secure Corporation

Last Modified: June 11, 2008