Virus: TR/Dldr.Amisa.4
Date discovered: 10/05/2006
Type: Trojan
Subtype: Downloader
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 49.152 Bytes
MD5 checksum: d52dd1063854a4a99bcee9815f8a3238
VDF version: 6.34.01.57

General

Method of propagation:
   • No own spreading routine


Aliases:
   • McAfee: DollarRevenue
   • Kaspersky: Trojan-Downloader.Win32.VB.acn
   • TrendMicro: TROJ_ADLOAD.CK
   • Bitdefender: Trojan.Downloader.Agent.UV


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads malicious files
   • Registry modification

Registry

The following registry key is added in order to run the process after reboot:

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   • "newname"="%malware execution directory%\%executed file%"



The following registry keys including all values and subkeys are removed:
   • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gimmysmileys
   • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\gimmygames

Backdoor

Contact server:
The following:
   • http://promo.dollarrevenue.com/bundle/**********?status=my_upd&id=%several random digits%



Remote control capabilities:
    • Download file

File details

Programming language:
The malware program was written in Visual Basic.

Description inserted by Ionut Slaveanu on Wednesday, May 17, 2006
Description updated by Ionut Slaveanu on Monday, May 29, 2006
