Virus: TR/FraudPack.I
Date discovered: 06/08/2010
Type: Trojan
In the wild: Yes
Reported Infections: High
Distribution Potential: Medium to high
Damage Potential: Medium to high
Static file: Yes
File size: 20.480 Bytes
MD5 checksum: 79BE5EBC9659F2C4E2E85CDD3464720D
IVDF version: 7.10.09.88 - Wednesday, July 14, 2010

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  TrendMicro: TROJ_DLOADR.BRED
   •  F-Secure: Trojan-Downloader:W32/Agent.DKFK
   •  Sophos: Troj/Bredo-DT
   •  Avast: Win32:Fitmu-B
   •  Microsoft: TrojanDownloader:Win32/Waledac.C
   •  Panda: Trj/Sinowal.WXO
   •  VirusBuster: Trojan.DL.Bredolab.DQS
   •  Eset: Win32/TrojanDownloader.Bredolab.AN
   •  AhnLab: Win-Trojan/Downloader.20992.KH
   •  Authentium: W32/Trojan2.NAQB
   •  DrWeb: Trojan.DownLoad.41551
   •  Ikarus: Trojan.Win32.FakeAV


Platforms / OS:
   • Windows 98
   • Windows 2000
   • Windows XP
   • Windows Vista
   • Windows 7


Side effects:
   • Downloads malicious files


Right after execution the following information is displayed:


Files

It tries to download some files:

– The location is the following:
   • http://18**********g.exe
It is saved on the local hard drive under: %TEMPDIR%\_ex-68.exe
Furthermore, this file is executed after it has been fully downloaded. Further investigation showed that this file is malware, too. Detected as: TR/Fakealert.haa


– The location is the following:
   • http://8**********t.exe
It is saved on the local hard drive under: %TEMPDIR%\_ex-08.exe
Furthermore, this file is executed after it has been fully downloaded. Further investigation showed that this file is malware, too. Detected as: TR/Bredo.249856

File details

Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with a runtime packer.

Description inserted by Carlos Valero Llabata on Thursday, August 12, 2010
Description updated by Carlos Valero Llabata on Thursday, August 12, 2010