TrojanDownloader:Win32/Bucriv.A
First posted on 15 November 2011.
Source: SecurityHome
Aliases :
TrojanDownloader:Win32/Bucriv.A is also known as Trojan.Win32.Webprefix (Ikarus).
Explanation :
TrojanDownloader:Win32/Bucriv.A is malware that connects to a remote server to download and execute arbitrary files.
In the wild, it has been observed to automatically connect and communicate with one of the following servers:
Once connected, it downloads an executable file into the Windows Temporary Files folder, which it then executes without the user's knowledge or consent.
At the time of this writing, the servers are no longer available.
Analysis by Marian Radu
Last update 15 November 2011