Virus: TR/Bredolab.CM.1
Date discovered: 09/08/2010
Type: Trojan
In the wild: Yes
Reported Infections: High
Distribution Potential: Medium
Damage Potential: Medium
Static file: Yes
File size: 20,992 bytes
MD5 checksum: 35F2CE89928007741AC7945FE90D081A
IVDF version: 7.10.10.125 - Monday, August 9, 2010

General Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan-Downloader.Win32.Agent.efli
   •  F-Secure: Trojan-Downloader:W32/Agent.DKGA
   •  Sophos: Troj/Bredo-DX
   •  Bitdefender: Trojan.Bredolab.CM
   •  Avast: Win32:Oficla-X
   •  Microsoft: TrojanDownloader:Win32/Waledac.C
   •  AVG: Cryptic.ATL
   •  Panda: Trj/CI.A
   •  VirusBuster: Trojan.Agent.YHJN
   •  Eset: Win32/TrojanDownloader.Bredolab.AN
   •  GData: Trojan.Bredolab.CM
   •  AhnLab: Win-Trojan/Bredolab.20992.AR
   •  Authentium: W32/Trojan3.BXF
   •  DrWeb: Trojan.DownLoad.41551
   •  Ikarus: Trojan.Oficla


Platforms / OS:
   • Windows 98
   • Windows 2000
   • Windows XP
   • Windows Vista
   • Windows 7


Side effects:
   • Downloads malicious files


Right after execution the following information is displayed:


Files:
It tries to download some files:

– The location is the following:
   • http://18**********g.exe
It is saved on the local hard drive under: %TEMPDIR%\_ex-68.exe
Furthermore, this file is executed after it has been fully downloaded.
Further investigation showed that this file is malware, too. Detected as: TR/FakeAV.JE.1


– The location is the following:
   • http://8**********t.exe
It is saved on the local hard drive under: %TEMPDIR%\_ex-08.exe
Furthermore, this file is executed after it has been fully downloaded.
Further investigation showed that this file is malware, too. Detected as: TR/FakeAV.BD.43

File details:
Runtime packer:
In order to hinder detection and reduce the size of the file, it is packed with a runtime packer.
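The indicators listed above (the MD5 and 20,992-byte size of the downloader, the %TEMPDIR%\_ex-68.exe and %TEMPDIR%\_ex-08.exe drop names) and the runtime-packer note can be turned into a simple host triage check. The following Python script is an added example and is not part of Avira's description or tooling. It assumes that dropped payloads follow the general pattern _ex-NN.exe (generalised from the two names on the page), uses a Shannon-entropy threshold of 7.0 bits per byte as a packed-file heuristic (an assumed cutoff, not a value from the page), and builds its own constructed sample files so it runs offline without any real malware.

```python
"""Host triage for TR/Bredolab.CM.1 indicators.

Added example, not Avira's code. Indicators taken from the description:
  - downloader: MD5 35F2CE89928007741AC7945FE90D081A, size 20,992 bytes
  - dropped payloads: %TEMPDIR%\_ex-68.exe and %TEMPDIR%\_ex-08.exe
Assumptions (not from the page): drop names generalised to _ex-NN.exe,
and entropy >= 7.0 bits/byte treated as "possibly runtime-packed".
"""
import hashlib
import math
import os
import random
import re
import tempfile
from collections import Counter
from typing import Dict, List

BREDOLAB_MD5 = "35f2ce89928007741ac7945fe90d081a"   # from the description
BREDOLAB_SIZE = 20992                                # bytes, from the description
DROP_NAME_RE = re.compile(r"^_ex-\d{2}\.exe$", re.IGNORECASE)  # assumption: generalised
PACKED_ENTROPY_THRESHOLD = 7.0                       # assumption: packed/encrypted cutoff


def md5_of(path: str) -> str:
    """Stream the file through MD5 so large files do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: str) -> List[str]:
    """Return the names of the indicators this file matches (empty if none)."""
    hits: List[str] = []
    name = os.path.basename(path)
    # Cheap size check first; only hash files that could be the known sample.
    if os.path.getsize(path) == BREDOLAB_SIZE and md5_of(path) == BREDOLAB_MD5:
        hits.append("bredolab_cm1_md5")
    if DROP_NAME_RE.match(name):
        hits.append("bredolab_drop_name")
    with open(path, "rb") as f:
        data = f.read()
    if shannon_entropy(data) >= PACKED_ENTROPY_THRESHOLD:
        hits.append("high_entropy_possibly_packed")
    return hits


def scan_directory(directory: str) -> Dict[str, List[str]]:
    """Map each flagged file name in the directory to the indicators it matched."""
    results: Dict[str, List[str]] = {}
    for entry in sorted(os.listdir(directory)):
        path = os.path.join(directory, entry)
        if os.path.isfile(path):
            hits = classify_file(path)
            if hits:
                results[entry] = hits
    return results


def build_sample_dir() -> str:
    """Create constructed sample files in a fresh temp dir (stand-ins, not malware)."""
    d = tempfile.mkdtemp(prefix="bredolab_triage_")
    rnd = random.Random(1)  # deterministic high-entropy bytes mimic a packed payload
    with open(os.path.join(d, "_ex-68.exe"), "wb") as f:
        f.write(bytes(rnd.getrandbits(8) for _ in range(4096)))
    with open(os.path.join(d, "_ex-08.exe"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 2000)  # low entropy: matches on drop name only
    with open(os.path.join(d, "readme.txt"), "wb") as f:
        f.write(b"plain text, nothing to see here\n")  # should not be flagged
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    for fname, matched in scan_directory(sample).items():
        print(f"{fname}: {', '.join(matched)}")
```

Point scan_directory at the real temporary directory (os.environ["TEMP"] on Windows) to hunt for the drop names; the MD5 match identifies the downloader itself, while the entropy flag is only a hint that a file is packed and needs a closer look, since legitimate compressed or encrypted data scores just as high.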

Description inserted by Carlos Valero Llabata on Thursday, August 12, 2010
Description updated by Carlos Valero Llabata on Thursday, August 12, 2010
