TrojanSpy:Win32/Broonject.A
First posted on 01 February 2012.
Source: Microsoft
Aliases:
TrojanSpy:Win32/Broonject.A is also known as Generic PWS.y!dv3 (McAfee).
Explanation:
TrojanSpy:Win32/Broonject.A is a trojan that is injected into a hidden instance of Internet Explorer and may communicate with a remote server with the IP address 216.<removed>.58.30.
Installation
This trojan is installed by TrojanDropper:Win32/Broonject.A as the following files:
- <system folder>\zine.dll - TrojanSpy:Win32/Broonject.A
- <system folder>\zico.exe - TrojanSpy:Win32/Broonject.A
- <system folder>\cha.exe - TrojanSpy:Win32/Broonject.A
Note: <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
TrojanDropper:Win32/Broonject.A launches a hidden instance of Internet Explorer and injects the dropped file "zine.dll" into that process.
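A triage check built from the file names and the injection behaviour described above, as an added example that is not part of the original write-up. It assumes PowerShell 4.0 or later (for Get-FileHash); also looking in SysWOW64 is an assumption made here because 32-bit code on 64-bit Windows is redirected to that folder.

```powershell
# Added triage example, not from the original entry.
# File names come from the entry; the SysWOW64 lookup is an assumption.
$names = 'zine.dll', 'zico.exe', 'cha.exe'

# Resolve the real System folder instead of hard-coding C:\Windows\System32.
$dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

# 1. Dropped files: record path, creation time and hash for each match.
$fileHits = foreach ($d in $dirs) {
    foreach ($n in $names) {
        $p = Join-Path $d $n
        if (Test-Path -LiteralPath $p) {
            $f = Get-Item -LiteralPath $p -Force
            [pscustomobject]@{
                Path       = $f.FullName
                CreatedUtc = $f.CreationTimeUtc
                SHA256     = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            }
        }
    }
}

# 2. Internet Explorer processes that are windowless or have zine.dll loaded.
$procHits = foreach ($proc in Get-Process -Name iexplore -ErrorAction SilentlyContinue) {
    $mods = @()
    # Module listing can fail or be incomplete across privilege or bitness
    # boundaries, so ZineLoaded = False is not proof of absence.
    try { $mods = @($proc.Modules | ForEach-Object { $_.ModuleName }) } catch { }
    $hasDll = $mods -contains 'zine.dll'   # -contains is case-insensitive
    $hidden = ($proc.MainWindowHandle -eq 0)
    if ($hidden -or $hasDll) {
        [pscustomobject]@{
            ProcessId  = $proc.Id
            Hidden     = $hidden
            ZineLoaded = $hasDll
        }
    }
}

# A windowless iexplore.exe alone is a weak signal; a file hit or
# ZineLoaded = True is what warrants a closer look.
$fileHits | Format-List
$procHits | Format-Table -AutoSize
```

Run it from an elevated prompt so that module enumeration is less likely to be denied.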
Payload
Communicates with a remote host
This trojan attempts to connect with a remote server with an IP address of 216.<removed>.58.30. At the time of this writing, the server was not available for analysis.
Analysis by Wei Li
Last update 01 February 2012