
TrojanDownloader:Win32/Bredolab.AA


First posted on 04 January 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/Bredolab.AA is also known as Trojan-Downloader.Win32.Piker.jk (Kaspersky), Trojan.DL.Piker.CJ (VirusBuster), Win32/Kryptik.BIK (ESET), Trj/Downloader.MDW (Panda), Trojan.Win32.Bredolab.Gen.1 (Sunbelt Software), TROJ_PIKER.Q (Trend Micro).

Explanation :

TrojanDownloader:Win32/Bredolab.AA is a trojan that downloads and executes other malware from a remote server.

Installation

When run, TrojanDownloader:Win32/Bredolab.AA copies itself to the Windows Startup folder as the file 'siszyd32.exe'. It then copies the following system files to the Windows Temporary Files folder to assist its execution:

  • kernel32.dll
  • ntdll.dll
  • win32k.sys
  • ws2_32.dll

Payload

Downloads other malware

TrojanDownloader:Win32/Bredolab.AA downloads and executes other malware from a remote server. An example of a remote server from which it downloads other malware is 'forhomessale.ru'. One trojan it has been observed to download is Trojan:Win32/Hiloti. For more information regarding other malware downloaded by this trojan and the Win32/Bredolab family, please refer to the Win32/Bredolab family description.
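The installation behaviour above gives two host-side indicators that are cheap to check during triage: a self-copy named 'siszyd32.exe' in the per-user Startup folder, and copies of kernel32.dll, ntdll.dll, win32k.sys and ws2_32.dll sitting in the Temp folder, where no legitimate process leaves them. The script below is an added example, not code from the original description or from its analyst; it takes the directory locations as parameters so it can be exercised offline against a constructed directory tree, and the default Windows paths it falls back to (%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup, %TEMP%, %WINDIR%\System32) are assumptions rather than something the page states. When a System32 directory is supplied it also hashes each Temp copy against the real system file, so the output says whether the dropped copy is byte-identical or has been tampered with.

```python
"""Triage check for the TrojanDownloader:Win32/Bredolab.AA file-system indicators.

Added example (not from the original page). Looks only for the artifacts the
description lists: 'siszyd32.exe' in the Startup folder and copies of four
system files in the Temp folder. Default locations are assumptions.
"""
import hashlib
import os
from pathlib import Path

STARTUP_FILE = "siszyd32.exe"
TEMP_SYSTEM_COPIES = ("kernel32.dll", "ntdll.dll", "win32k.sys", "ws2_32.dll")


def default_paths():
    """Assumed default locations on a live Windows host (not stated on the page)."""
    appdata = os.environ.get("APPDATA", "")
    windir = os.environ.get("WINDIR", r"C:\Windows")
    return {
        "startup": Path(appdata) / "Microsoft" / "Windows" / "Start Menu" / "Programs" / "Startup",
        "temp": Path(os.environ.get("TEMP", "")),
        "system32": Path(windir) / "System32",
    }


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _iter_files(directory):
    """Regular files directly inside a directory; empty list if it does not exist."""
    if not directory.is_dir():
        return []
    return [p for p in directory.iterdir() if p.is_file()]


def find_bredolab_indicators(startup_dir, temp_dir, system32_dir=None):
    """Return (indicator, path, detail) tuples for every matching artifact found.

    Name comparison is case-insensitive, matching NTFS lookup semantics.
    If system32_dir is given, each Temp copy is hashed against the genuine
    system file so the detail records whether the dropped copy was modified.
    """
    startup_dir, temp_dir = Path(startup_dir), Path(temp_dir)
    hits = []

    for entry in _iter_files(startup_dir):
        if entry.name.lower() == STARTUP_FILE:
            hits.append(("startup_copy", str(entry), "self-copy dropped in Startup folder"))

    for entry in _iter_files(temp_dir):
        name = entry.name.lower()
        if name not in TEMP_SYSTEM_COPIES:
            continue
        detail = "system file copied to Temp"
        if system32_dir is not None:
            genuine = Path(system32_dir) / name
            if genuine.is_file():
                same = sha256_of(genuine) == sha256_of(entry)
                detail += "; identical to System32 copy" if same else "; differs from System32 copy"
        hits.append(("temp_system_copy", str(entry), detail))

    return hits


if __name__ == "__main__":
    paths = default_paths()
    for hit in find_bredolab_indicators(paths["startup"], paths["temp"], paths["system32"]):
        print(" | ".join(hit))
```

A hit on the Temp copies alone is the stronger signal: the Startup filename is trivial for a later variant to change, whereas staging copies of core system DLLs next to the dropper is the behaviour the description attributes to the family. A copy that differs from the System32 original should be preserved for analysis before cleanup.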

    Analysis by Shali Hsieh

    Last update 04 January 2010
