Full description

Virus:	TR/Drop.Agent.AA.4
Date discovered:	06/08/2010
Type:	Trojan
In the wild:	Yes
Reported Infections:	Low
Distribution Potential:	Low
Damage Potential:	Low to medium
Static file:	Yes
File size:	25.088 Bytes
MD5 checksum:	e57d938e0754e4fbb3b87cf818a0fc69
IVDF version:	7.10.10.101 - Friday, August 6, 2010

General Method of propagation:
   • No own spreading routine

Aliases:
   • Symantec: Downloader.Harnig
   • Kaspersky: Packed.Win32.Krap.ao
   • Sophos: Troj/Dloadr-DBU
   • Avast: Win32:Crypt-HFP
   • Microsoft: TrojanDownloader:Win32/Bubnix.A
   • Panda: Trj/CI.A
   • PCTools: Downloader.Harnig
   • VirusBuster: Trojan.DL.Bubnix.FX
   • Eset: Win32/Kryptik.FWJ
   • AhnLab: Win-Trojan/Bredolab.55808
   • DrWeb: Trojan.DownLoader1.16230
   • Ikarus: Packed.Win32.Krap
   • Norman: Smalltroj.ZISO

Platforms / OS:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Drops a malicious file

Files It copies itself to the following location:
• %TEMPDIR%\%random character string%.tmp

It deletes the initially executed copy of itself.

It tries to download a file:

– The location is the following:
• http://204.45.118.250/exc1
It is saved on the local hard drive under: %SYSDIR%\drivers\aec.sys Furthermore this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too. Detected as: TR/Agent.783872.3

Description inserted by Carlos Valero Llabata on Wednesday, August 25, 2010
Description updated by Carlos Valero Llabata on Wednesday, August 25, 2010

Back . . . .