
TrojanDropper:Win32/Boaxxe.E


First posted on 24 April 2009.
Source: SecurityHome

Aliases :

TrojanDropper:Win32/Boaxxe.E is also known as Mal/Dropper-AC (Sophos), Trojan.Dropper.STJ (BitDefender), Trojan-Dropper.Win32.Agent.agfl (Kaspersky), Trj/Downloader.MDW (Panda).

Explanation :

TrojanDropper:Win32/Boaxxe.E is a trojan that drops and executes Trojan:Win32/Boaxxe.I. It may also attempt to terminate a process related to the security program "Spybot Search and Destroy Spyware remover".

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s). The presence of Trojan:Win32/Boaxxe.I may also be a symptom of this threat.

TrojanDropper:Win32/Boaxxe.E is a trojan that drops and executes Trojan:Win32/Boaxxe.I. It may also attempt to terminate a security-related process.

Payload
Drops Other Malware
When TrojanDropper:Win32/Boaxxe.E is run, it may drop the following file:
%TEMP%\dat<random>.tmp - detected as Trojan:Win32/Boaxxe.I
where <random> is a random series of alphanumeric characters. This file is then moved to the following location and the file extension is renamed:
<system folder>\<malware file name>.dll
where <malware file name> is taken from an existing DLL selected at random with either a random letter appended or the last letter removed. For example, if the chosen existing file is dmconf.dll, <malware file name> may be dmconfi.dll or dmcon.dll.
Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32.

Terminates Process
TrojanDropper:Win32/Boaxxe.E may terminate a process related to the security application "Spybot Search and Destroy Spyware remover" named teatimer.exe.
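
The naming scheme described under "Drops Other Malware" can be turned into a triage check: list DLLs in the System folder whose names differ from another DLL only by one trailing letter. The following is an added example, not part of the original write-up; the function names, the use of modification time to pick the file to inspect first, and the sample timestamps are assumptions, and legitimate DLL pairs can match too, so the output is a shortlist for signature and hash checks rather than a verdict.

```python
import os
import string

def lookalike_pairs(names):
    """Return (shorter, longer) DLL name pairs whose stems differ by one trailing letter."""
    stems = {}
    for name in names:
        stem, ext = os.path.splitext(name)
        if ext.lower() == ".dll":
            stems[stem.lower()] = name
    return sorted(
        (stems[stem[:-1]], name)
        for stem, name in stems.items()
        if stem[-1] in string.ascii_lowercase and stem[:-1] in stems
    )

def triage(listing):
    """listing maps file name -> mtime. Flag the newer file of each pair for inspection.

    Assumption: the dropped copy is newer than the DLL it imitates. Timestamps can be
    altered, so treat the rule label as a hint only.
    """
    findings = []
    for shorter, longer in lookalike_pairs(listing):
        if listing[longer] >= listing[shorter]:
            findings.append((longer, shorter, "letter appended"))
        else:
            findings.append((shorter, longer, "last letter removed"))
    return findings

def scan_dir(path):
    """Build a {name: mtime} listing for a real folder, e.g. the System folder."""
    return {e.name: e.stat().st_mtime for e in os.scandir(path) if e.is_file()}

# Constructed listing (name -> mtime in epoch seconds); not taken from a real host.
# The file names reuse the dmconf.dll example from the description above.
SAMPLE = {
    "dmconf.dll": 1208995200,   # existing DLL
    "dmconfi.dll": 1240531200,  # newer, one letter appended
    "dmcon.dll": 1240531200,    # newer, last letter removed
    "kernel32.dll": 1208995200,
    "ntdll.dll": 1208995200,
    "readme.txt": 1240531200,   # ignored: not a DLL
}

if __name__ == "__main__":
    for suspect, neighbour, rule in triage(SAMPLE):
        print(f"{suspect}: {rule} relative to {neighbour}")
```

On a live system, pass the result of `scan_dir()` for the System folder to `triage()`.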

Analysis by Elda Dimakiling

Last update 24 April 2009

 
