Trojan:W32/VB.BKX

Name: Trojan:W32/VB.BKX
Detection Names: Trojan.Win32.VB.bkx
Category: Malware
Type: Trojan
Platform: W32

Summary

Trojans are malicious programs that pretend to be benign. Trojans do not replicate themselves.

Details


File System Changes
Creates these files:

  • %temp%\win32.exe
  • %windir%\system32\drivers\etc\hosts


Removes these files:

  • %cwd%\sample.exe
  • %windir%\system32\drivers\etc\hosts



Process Changes
Creates these processes:

  • %programfiles%\Internet Explorer\IEXPLORE.EXE


Uses these temporary processes:

  • %localsettings%\Temp\win32.exe


Creates these mutexes:

  • IEXPLORE.EXE: _SHuassist.mtx
  • IEXPLORE.EXE: CritOpMutex



Network Connections
Attempts to download files from:

  • http://bux.to/[REMOVED].php



Registry Modifications
Sets these values:

  • HKCU\Software\Microsoft\Internet Explorer\Main
    FullScreen = no
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
    HRZR_PGYFRFFVBA = \x94\x3F\x43\x0E\x28\x00\x00\x00


Additional Details

The malware's hosts file contains banking-related search strings targeting a bank in the .mx Top Level Domain (TLD).