
TrojanDownloader:Win32/Rochap.B


First posted on 11 May 2009.
Source: SecurityHome

Aliases:

TrojanDownloader:Win32/Rochap.B is also known as Trojan-Downloader.Win32.Banload.adbz (Kaspersky) and Trojan.DL.Banload.ANEF (VirusBuster).

Explanation:

TrojanDownloader:Win32/Rochap.B is a trojan that is dropped on the system by other malware, detected as TrojanDropper:Win32/Rochap.B. It connects to a certain Web site to download a specific file. As of this writing, the Web site is no longer accessible. While downloading the file, it launches the default Web browser and displays a video from youtube.com, presumably to distract the affected user.

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s). The presence of TrojanDropper:Win32/Rochap.B may also be an indication of the presence of this threat.

Payload
Downloads Other Malware
TrojanDownloader:Win32/Rochap.B connects to the Web site infindha.com.br to download a file as <system folder>\31984.exe. As of this writing, the Web site is no longer accessible. While downloading the file, it launches the default Web browser and displays a video from youtube.com, presumably to distract the affected user.

Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32.
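
One way to hunt for the behaviour described above, as an added example that is not part of the original write-up: it attributes three indicators (a lookup of the download host, creation of 31984.exe in the System folder, a browser started with a youtube.com URL) to the acting process and reports only processes showing at least two. The event schema, field names and sample events are constructed assumptions, not real telemetry.

```python
import re
from collections import defaultdict

# Indicators taken from the write-up above.
C2_DOMAIN = "infindha.com.br"
DROP_PATH = re.compile(r"^[a-z]:\\(windows|winnt)\\system32\\31984\.exe$", re.I)

def indicators(event):
    """Return (acting process image, indicator name) for one event, or None."""
    kind = event["type"]
    if kind == "dns":
        host = event["query"].lower().rstrip(".")
        if host == C2_DOMAIN or host.endswith("." + C2_DOMAIN):
            return event["image"], "download-host"
    elif kind == "file_create":
        if DROP_PATH.match(event["target"]):
            return event["image"], "dropped-file"
    elif kind == "process_create":
        # The decoy: a browser started with a youtube.com URL; credit the parent.
        if "youtube.com" in event["cmdline"].lower():
            return event["parent"], "decoy-video"
    return None

def hunt(events, threshold=2):
    """Report process images with at least `threshold` distinct indicators."""
    seen = defaultdict(set)
    for ev in events:
        hit = indicators(ev)
        if hit:
            seen[hit[0].lower()].add(hit[1])
    return {img: sorted(tags) for img, tags in seen.items() if len(tags) >= threshold}

# Constructed sample events (hypothetical schema and paths).
SAMPLE = [
    {"type": "dns", "image": r"C:\Users\a\AppData\Local\Temp\setup.exe", "query": "infindha.com.br"},
    {"type": "process_create", "parent": r"C:\Users\a\AppData\Local\Temp\setup.exe",
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": "iexplore.exe http://www.youtube.com/watch?v=EXAMPLE"},
    {"type": "file_create", "image": r"C:\Users\a\AppData\Local\Temp\setup.exe",
     "target": r"C:\WINDOWS\system32\31984.exe"},
    # Ordinary browsing: one weak indicator only, so it is not reported.
    {"type": "process_create", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": "iexplore.exe http://www.youtube.com/"},
]

if __name__ == "__main__":
    for image, tags in hunt(SAMPLE).items():
        print(image, tags)
```

The youtube.com launch on its own is ordinary user activity, which is why it only counts when the same parent process also shows one of the other two indicators.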

Analysis by Chun Feng

Last update 11 May 2009

 
