Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
In the wild:
Low to medium
Method of propagation:
• No own spreading routine
• Kaspersky: Trojan-Downloader.Win32.CashDeluxe.c
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
• Downloads files
• Third party control
It tries to download a file:
– The location is the following:
It is saved on the local hard drive under:
\sdfje.exe Furthermore this file gets executed after it was fully downloaded.
As a result remote control capability is provided. This is done via the HTTP GET request on a PHP script.
Remote control capabilities:
• Download file
• Execute file
The malware program was written in Visual Basic.
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
Description inserted by Iulia Diaconescu on Wednesday, March 29, 2006
Description updated by Iulia Diaconescu on Tuesday, April 4, 2006