Virus: TR/Dldr.Dado.cv.1.B
Date discovered: 13/07/2005
Type: Trojan
Subtype: Dldr
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 25.600 Bytes
MD5 checksum: 80047e6ac55ce12075a7d3e31934a531
VDF version: 6.31.0.202

General Method of propagation:
   • No own spreading routine


Alias:
   • McAfee: Downloader-ABU
   • Kaspersky: Trojan-Downloader.Win32.Dadobra.cv
   • F-Secure: W32/Downloader.ECS
   • Sophos: Troj/Freezo-A


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP


Side effects:
   • Downloads a malicious file
   • Registry modification

Files
The following files are created:

– A file that is for temporary use and it might be deleted afterwards:
   • %temporary internet files%\imgmp[1].jpg

– A cookie file:
   • %cookies%\%user%@uol.com[1].txt



It tries to download a file:

– The location is the following:
   • http://**********.sites.uol.com.br/imgmp.jpg

– It is saved on the local hard drive under:
   • %SYSDIR%\cmrss.exe

Furthermore, this file gets executed after it has been fully downloaded. Further investigation showed that this file is malware, too.

Registry
The following registry key is added:

– HKLM\Software\Microsoft\DownloadManager

Description inserted by Sergiu Oprea on Tuesday, August 2, 2005
Description updated by Sergiu Oprea on Tuesday, August 30, 2005
