Home / malware TrojanDownloader:Win32/Beebone.IO
First posted on 11 June 2013.
Source: MicrosoftAliases :
TrojanDownloader:Win32/Beebone.IO is also known as W32/Autorun.worm.aaeh!gen (McAfee), Trojan.Win32.Jorik.Vobfus.guso (Kaspersky), W32.Changeup (Symantec).
Explanation :
TrojanDownloader:Win32/Beebone.IO is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer. Installation TrojanDownloader:Win32/Beebone.IO creates the following files on an affected computer:
Payload Contacts remote host TrojanDownloader:Win32/Beebone.IO may contact a remote host at domai.01dns.org using port 8080. Commonly, malware may contact a remote host for the following purposes:
- %windir%\temp\scs10.tmp
- %windir%\temp\scs11.tmp
- %windir%\temp\scse.tmp
- %windir%\temp\scsf.tmp
- c:\documents and settings\administrator\0bup.exe
- c:\documents and settings\administrator\1bup.exe
- To report a new infection to its author
- To receive configuration or other data
- To download and execute arbitrary files (including updates or additional malware)
- To receive instruction from a remote attacker
- To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 aee6e87bf2c78ff6e523b6f503d7a7b90d10b334.Last update 11 June 2013
