Virus:TR/Dldr.VB.AKH
Date discovered:03/11/2006
Type:Trojan
Subtype:Downloader
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low to medium
Static file:Yes
File size:21.040 Bytes
MD5 checksum:debcf161b5545ac55a6e8c6748e8984d
VDF version:6.35.01.92
IVDF version:6.35.01.93 - Tuesday, August 15, 2006

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Mcafee: Generic Downloader.s
   •  Kaspersky: Trojan-Downloader.Win32.VB.aof
   •  Bitdefender: Generic.Malware.Sdld


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads a file
   • Registry modification

 Files It copies itself to the following location:
   • %SYSDIR%\wdfmgr32.exe




It tries to download a file:

– The location is the following:
   • http://www.urlmon.isxv.com/log/**********
This file may contain further download locations and might serve as source for new threats.

 Registry The following registry key is continuously in an infinite loop added in order to run the process after reboot.

–  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "wdfmgr32"="%SYSDIR%\wdfmgr32.exe"

 File details Programming language:
 The malware program was written in Visual Basic.


Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • UPX

Description inserted by Monica Ghitun on Friday, November 3, 2006
Description updated by Monica Ghitun on Friday, November 3, 2006

Back . . . .