Trojan:Win32/Balisdat.gen!E
First posted on 27 March 2012.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Win32/Balisdat.gen!E.
Explanation:
Trojan:Win32/Balisdat.gen!E is a trojan that acts as a malicious component for Win32/Banker and Win32/Bancos variants. It can download other files or delete security-related files found in the affected computer.
Installation
Trojan:Win32/Balisdat.gen!E is observed to arrive with the following file names:
- Album.exe
- Face_Color.exe
- Fotos.exe
- Recarga_Soft.exe
- Desbloqueia-Maior18.exe
When run, Trojan:Win32/Balisdat.gen!E drops a copy of itself as "%windir%\Media\dwm.exe".
The malware modifies the following registry entry to ensure it executes at each Windows start:
In subkey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "default"
With data: "%windir%\Media\dwm.exe"
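The two installation artifacts above (the dropped copy under %windir%\Media and the Run value named "default") are what a responder would check for on a suspect host. The following PowerShell script is an added triage example, not part of the Microsoft entry; it reads the Run keys of the current user and of any other profiles loaded under HKEY_USERS, reports whether a value named "default" points at the dropped path, and reports whether the file exists. It assumes the value data may or may not be wrapped in quotes and normalizes for that; it changes nothing on the host.

```powershell
# Added triage check for the Trojan:Win32/Balisdat.gen!E persistence artifacts.
# Read-only: it reports findings and removes nothing.

$dropPath = Join-Path $env:windir 'Media\dwm.exe'   # dropped copy named in the entry
$valName  = 'default'                                # Run value name named in the entry
$runSub   = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Current user, plus every loaded user profile under HKEY_USERS so the check is not
# limited to the account running the script.
$runKeys = @("HKCU:\$runSub")
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
$runKeys += Get-ChildItem 'HKU:\' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notmatch '_Classes$' } |
    ForEach-Object { "HKU:\$($_.PSChildName)\$runSub" }

$findings = @()

foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $prop = $props.PSObject.Properties[$valName]   # literal value named "default", not "(default)"
    if (-not $prop) { continue }

    # Strip surrounding quotes and expand %windir% so the comparison is on the real path.
    $data  = [Environment]::ExpandEnvironmentVariables(($prop.Value -replace '^"|"$', ''))
    $findings += [pscustomobject]@{
        Indicator = 'Run value "default"'
        Location  = $key
        Value     = $prop.Value
        Suspicious = ($data -ieq $dropPath)
    }
}

# The dropped file. Note the legitimate Desktop Window Manager is %windir%\System32\dwm.exe;
# a dwm.exe under %windir%\Media has no legitimate reason to exist.
if (Test-Path -LiteralPath $dropPath) {
    $file = Get-Item -LiteralPath $dropPath
    $findings += [pscustomobject]@{
        Indicator  = 'Dropped file'
        Location   = $dropPath
        Value      = "size=$($file.Length) written=$($file.LastWriteTimeUtc.ToString('u'))"
        Suspicious = $true
    }
}

if ($findings.Count -eq 0) {
    'No Balisdat persistence artifacts found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated session so the HKEY_USERS subkeys of other logged-on accounts are readable; profiles that are not currently loaded would need their NTUSER.DAT mounted separately. A "default" Run value whose data points anywhere other than %windir%\Media\dwm.exe is still reported, with Suspicious set to false, so an analyst can decide whether it is related.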
The trojan may display a window with the following message:
Payload
Downloads arbitrary files
Trojan:Win32/Balisdat.gen!E may download other possibly malicious components of Win32/Bancos variants from certain servers.
In the wild, it has been observed connecting to the following server to download files:
003.alfacentauria.com/BoxFile.bcc
Analysis by Francis Allan Tan Seng
Last update 27 March 2012