TR/Dldr.Bagle.BV.852 - Trojan
Virus name: TR/Dldr.Bagle.BV.852
Discovered: 28 May 2007
Type: Trojan
Subtype: Downloader
In the wild (ITW): Yes
Number of reported infections: Low
Spreading potential: Low
Damage potential: Medium-Low
Static file: Yes
File size: 307,611 bytes
MD5 checksum: 057f0B90f1262bb5fc48fb6b9fcbd291
VDF version: 6.38.01.186
IVDF version: 6.38.01.196
General
Method of propagation:
• No propagation routine of its own
Aliases:
• F-Secure: Trojan-Downloader.Win32.Bagle.bv
• Sophos: Troj/BagleDL-CQ
Platforms / operating systems:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Downloads files
• Downloads malicious files
• Modifies the registry
Immediately after execution the following information is displayed:
File
It copies itself to the following location:
• %SYSDIR%\hldrrr.exe
It tries to download a file:
– The locations are the following:
• http://citometria.org/**********
• http://clasicosdevigo.com/**********
• http://clikart.com/**********
• http://coctelmedia.com/**********
• http://cogumelosonline.com.br/**********
• http://coindufeu.eolas-services.com/**********
• http://comunidadviajera.com/**********
• http://comune.santaluciadiserino.av.it/**********
• http://contactbridge.com/**********
• http://pc-fan.pl/**********
• http://coolnet.nazwa.pl/**********
• http://cortinasdoncarlos.com.ar/**********
• http://www.courdesloges.com/**********
• http://aytocristobal.com/**********
• http://cuidatumiembro.com/**********
• http://cyclegolf.com/**********
• http://cycletech.de/**********
• http://maneironsclimb.com/**********
• http://www.etraining.ee/**********
• http://dadivaria.com/**********
• http://dancefrequency.com.br/**********
• http://darioo.altervista.org/**********
• http://daruliftaa.com/**********
• http://datalifecenter.com/**********
• http://datissa.com/**********
• http://www.dbmetric.com/**********
• http://WWW.DDP.COM.PE/**********
• http://www.debmark.com/**********
• http://decastrogil.es/**********
• http://delattres.com/**********
• http://demianaiello.com.ar/**********
• http://demo.portaltapejara.com/**********
• http://derechoydemocracia.es/**********
• http://www.devergo.com/**********
• http://dezaete.nl/**********
• http://dieppeseinemaritime.com/**********
• http://digitalpicture.com/**********
• http://digicromo.com/**********
• http://diocesequebec.qc.ca/**********
• http://divinaclub.com/**********
• http://divinojocelyn.altervista.org/**********
• http://dj-horoz.com/**********
• http://djsoprano.cp.win.pl/**********
• http://djthefox.com/**********
• http://deniselinsconvites.com.br/**********
• http://lotva.org/**********
• http://oliwia.iskierka.org/**********
• http://dospablos.es/**********
• http://dponcemi.altervista.org/**********
• http://drutplast.com.pl/**********
• http://dudys.bx.pl/**********
• http://dukedem.com/**********
• http://dddesignstudio.com/**********
• http://easylimo.es/**********
• http://doctorlife.org/**********
• http://eccesso.es/**********
• http://ecobos.be/**********
• http://www.edenvillage.it/**********
• http://programaseducativos-salamanca.com/**********
• http://www.ekogips.pl/**********
• http://www.ekotap.pl/**********
• http://elelfogris.com/**********
• http://elemco.pl/**********
• http://elitan.pl/**********
• http://passecdl.co.uk/**********
• http://www.elotron.com/**********
• http://elpantalan.es/**********
• http://industriascarnicaselrobledo.com/**********
• http://www.enco-group.cz/**********
• http://energiesport.com/**********
• http://epamateohernandez.com/**********
• http://eravamo100.altervista.org/**********
• http://esf-ct.com/**********
• http://espaciojoven.org/**********
• http://www.espaceprojets-villejuif.fr/**********
• http://www.eszterlancaruhaz.hu/**********
• http://www.etalon-stroy.ru/**********
• http://www.experiment.lv/**********
• http://streetlions.com/**********
• http://www.false-news.com/**********
• http://falshpolcom.18.com1.ru/**********
• http://www.concretosfamasa.com/**********
• http://fermesdemarie.eolas-services.com/**********
• http://fernandoaureliano.com/**********
• http://fetems.org.br/**********
• http://wolfsdonksport.be/**********
• http://filibertovillalobosguijuelo.com/**********
• http://finz-center.com/**********
• http://www.fitdina.com/**********
• http://fiveuk.fi.funpic.org/**********
• http://flabs.net/**********
• http://fomentocredito.es/**********
• http://fortis-sf.home.pl/**********
• http://fotoastur.com/**********
• http://fouadovedia.com/**********
• http://foxx.fan-sites.org/**********
• http://frauen-ratgeber.com/**********
• http://fritschiclean.ch/**********
• http://www.kfzeintragsservice.de/**********
• http://www.autometasuche.de./**********
• http://www.s-w-services.co.uk/**********
• http://www.bodis.at/**********
• http://www.musikverein-grosswallstadt.de/**********
• http://tripplexwelt.de/**********
• http://www.weingut-giegerich.de/**********
• http://www.tenbrink-online.de/**********
• http://www.alphazip.com/**********
• http://www.kayaks.cz/**********
• http://galami.sk/**********
• http://galateainteriorismo.com/**********
• http://galixesol.com/**********
• http://www.gan-psifas.co.il/**********
• http://robertsandboles.co.nz/**********
• http://gazetaszkolna.edu.pl/**********
• http://gdri.si/**********
• http://generation80.be/**********
• http://www.georg-kuenzle.ch/**********
• http://giannifalco.com/**********
• http://gim24.icx.pl/**********
• http://giresuneczaciodasi.org.tr/**********
• http://girmantasphotography.com/**********
• http://giustiziasicura.org/**********
• http://glodowka.com.pl/**********
• http://202.162.97.63/**********
• http://brzozowa.v24.pl/**********
• http://goldpartner.pl/**********
• http://gomashie.com/**********
• http://go-modaru.21.com1.ru/**********
• http://gravesite.gr.funpic.org/**********
• http://www.gregorvandermark.com/**********
• http://grupoexpansiona.com/**********
• http://grupogolpe.com/**********
• http://ospkarlino.bulls.net.pl/**********
• http://3g-tech-industries.com/**********
• http://guia-aumento-penis.com/**********
• http://guia-femenina.com/**********
• http://guia-feminina.com/**********
• http://guia-ipc.com/**********
• http://guida-allungamento-pene.com/**********
• http://guide-agrandissement-penis.com/**********
• http://guide-feminin.com/**********
• http://jewelrytools.boo.pl/**********
• http://gustavomendonca.com/**********
• http://gusts.net/**********
• http://www.hanyungprinting.co.uk/**********
• http://hawaiicandy.com/**********
• http://hellsquad.net/**********
• http://www.hellsquad.net/**********
• http://hostalhispanico2.com/**********
• http://hostalhispanico.com/**********
It is saved locally as:
• %WINDIR%\exefld\%number%.exe
where %number% is a numeric value. The file is executed once it has been completely downloaded. Further analysis established that this file is itself malware, detected as TR/Crypt.XPACK.Gen.
Registry
The following registry keys are added in order to run the process after a reboot:
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
• %SYSDIR%\hldrrr.exe
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• %SYSDIR%\hldrrr.exe
The following registry key is added:
– [HKCU\Software\FirstRRRun]
• FirstRR2742Run = 1
Process injection
– It injects itself into a process.
Process name:
• iexplore.exe
File details
Runtime packer:
To hinder detection and reduce the file size, it is compressed with a runtime packer.
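The host and log artifacts described above (the dropped copy under %SYSDIR%, the %WINDIR%\exefld payload directory, the two Run-key entries, the HKCU\Software\FirstRRRun marker key and the download hosts) can be checked mechanically during triage. The script below is an added example, not Avira's code: the registry entries, file listing and proxy-log lines it consumes are constructed for the demonstration, the download-host set is a subset of the list above, and the URL paths in the sample log are placeholders because the page elides them. The MD5 and size identify only this exact static file; a hldrrr.exe under the system directory with a different hash is still reported, as a name-only match, because a repacked variant would change the hash but not the drop location.

```python
import re
from urllib.parse import urlsplit

# --- Indicators transcribed from the description above --------------------
DROPPED_NAME = "hldrrr.exe"                       # copied to %SYSDIR%\hldrrr.exe
DROPPED_MD5 = "057f0b90f1262bb5fc48fb6b9fcbd291"  # MD5 from the summary table (hex, case-insensitive)
DROPPED_SIZE = 307611                             # file size in bytes
PAYLOAD_RE = re.compile(r"\\exefld\\\d+\.exe$", re.IGNORECASE)  # %WINDIR%\exefld\<number>.exe
RUN_KEYS = {
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}
MARKER_KEY = r"HKCU\Software\FirstRRRun"          # observed value: FirstRR2742Run = 1
# Subset of the download hosts listed above (enough to exercise the check).
DOWNLOAD_HOSTS = {
    "citometria.org", "clasicosdevigo.com", "hellsquad.net", "www.hellsquad.net",
    "202.162.97.63", "guia-ipc.com", "www.ddp.com.pe",
}


def _norm_key(key):
    """Fold long hive names to the short form and lower-case so exports written either way compare equal."""
    key = key.replace("HKEY_CURRENT_USER", "HKCU").replace("HKEY_LOCAL_MACHINE", "HKLM")
    return key.lower()


def check_registry(entries):
    """entries: iterable of (key, value_name, data), e.g. from a .reg export or Sysmon event 13."""
    findings = []
    run_keys = {_norm_key(k) for k in RUN_KEYS}
    marker = _norm_key(MARKER_KEY)
    for key, name, data in entries:
        nk = _norm_key(key)
        if nk in run_keys and str(data).lower().endswith("\\" + DROPPED_NAME):
            findings.append(f"persistence: {key}\\{name} -> {data}")
        elif nk == marker:
            findings.append(f"infection marker: {key}\\{name} = {data}")
    return findings


def check_files(files):
    """files: iterable of (path, size_bytes, md5_hex) from a directory listing or forensic image."""
    findings = []
    for path, size, md5 in files:
        low = path.lower()
        if low.endswith("\\" + DROPPED_NAME):
            if md5.lower() == DROPPED_MD5 and size == DROPPED_SIZE:
                findings.append(f"dropped copy (hash match): {path}")
            else:
                findings.append(f"dropped copy (name match only, hash differs): {path}")
        elif PAYLOAD_RE.search(path):
            findings.append(f"downloaded payload location: {path}")
    return findings


def check_proxy_log(lines):
    """lines: 'timestamp client METHOD url status' proxy records; flags requests to listed download hosts."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        host = urlsplit(parts[3]).hostname  # .hostname is already lower-cased
        if host in DOWNLOAD_HOSTS:
            findings.append(f"download attempt: {parts[1]} -> {host}")
    return findings


def triage(registry, files, log_lines):
    """Run all three checks and return the combined findings."""
    return check_registry(registry) + check_files(files) + check_proxy_log(log_lines)


# --- Constructed sample input (not taken from a real host) ----------------
SAMPLE_REGISTRY = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "hldrrr", r"C:\WINDOWS\system32\hldrrr.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    (r"HKCU\Software\FirstRRRun", "FirstRR2742Run", 1),
]
SAMPLE_FILES = [
    (r"C:\WINDOWS\system32\hldrrr.exe", 307611, "057F0B90F1262BB5FC48FB6B9FCBD291"),
    (r"C:\WINDOWS\exefld\17.exe", 40960, "d41d8cd98f00b204e9800998ecf8427e"),
    (r"C:\WINDOWS\system32\notepad.exe", 69120, "00000000000000000000000000000000"),
]
SAMPLE_LOG = [  # URL paths are placeholders; the page does not give the real ones
    "2007-05-28T10:01:02 10.0.0.5 GET http://citometria.org/placeholder 404",
    "2007-05-28T10:01:05 10.0.0.5 GET http://WWW.DDP.COM.PE/placeholder 200",
    "2007-05-28T10:02:10 10.0.0.7 GET http://www.example.com/index.html 200",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_REGISTRY, SAMPLE_FILES, SAMPLE_LOG):
        print(finding)
```

On a live system the same three functions can be fed from `reg export`, a recursive directory hash and the proxy's access log; the key normalisation in `_norm_key` is what lets the HKCU/HKEY_CURRENT_USER spellings from different tools hit the same indicator.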
Description inserted by Andrei Gherman on Tue, 29 May 2007 07:47 (GMT+1)
Description updated by Andrei Gherman on Tue, 29 May 2007 07:49 (GMT+1)
© 2008 Avira GmbH