Exploit:W32/XDropper.BR

Classification

Category: Malware

Type: Exploit

Aliases: Exploit:W32/XDropper.BR

Summary


A program or technique that takes advantage of a vulnerability to remotely access or attack a program, computer or server.

Removal


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Technical Details


Exploit:W32/XDropper.BR identifies malware that exploits the CVE-2007-0030 vulnerability, using a specially-crafted malicious Excel file.

This malware is also mentioned in our Weblog.

Execution

Exploit:W32/XDropper.BR will drop the following file upon execution:

  • %temp%\svchost.exe - detected as Trojan-Dropper:W32/Agent.DJGD

The dropper will drop additional binaries that download and execute malicious files from:

  • https://211.21.161.10/images/[..].gif
  • https://60.249.139.16/images/[..].gif
  • https://203.161.117.17/[..].gif

The URLs were dead at the time of the investigation.