Virus: BDS/Agent.ktp
Date discovered: 24/06/2008
Type: Backdoor Server
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Medium
Static file: Yes
File size: 2.169.600 Bytes
MD5 checksum: b2b111bdea64a2a54e20371dc8cee753
IVDF version: 7.00.05.03 - Tuesday, June 24, 2008

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Symantec: Backdoor.Graybird
   •  Kaspersky: Backdoor.Win32.Agent.ktp
   •  F-Secure: Backdoor.Win32.Agent.ktp
   •  Panda: Trj/Multijoiner.A


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops a file
   • Drops a malicious file

Files

The following files are created:
   • %TEMPDIR%\install_flash_player_active.exe
     It is executed after it has been fully created. Further investigation showed that this file is also malware. Detected as: TR/Dldr.Losabel.WE
   • %TEMPDIR%\install_flash_player_active_x.exe
     It is executed after it has been fully created.

File details

Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with a runtime packer.

Description inserted by Thomas Wegele on Wednesday, November 12, 2008
Description updated by Thomas Wegele on Wednesday, November 12, 2008
