
TrojanDownloader:Win32/Boonana.A


First posted on 04 November 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/Boonana.A is also known as Win32/Boonana.A (ESET), OSX/Koobface.A (other), jnana (other).

Explanation :

TrojanDownloader:Win32/Boonana.A is a trojan that connects to remote hosts in order to download arbitrary files.

Installation :

The trojan is written for the Microsoft .NET Framework and creates a mutex named "VFXDSys Compatibility Synchronisation Limited". In the wild, this trojan was distributed from a website named "fbookme.x10.mx" as a file "VfxdSys.zip". The trojan may have been installed by other malware and may be present as the following:

  • %APPDATA%\Microsoft\VfxdSys Drivers\siv.exe
  • %APPDATA%\Microsoft\VfxdSys Drivers\VFxdSys.exe
  • %APPDATA%\Microsoft\VfxdSys Drivers\VfxdSysAdm.exe

Payload :

Connects to remote hosts / downloads arbitrary files

TrojanDownloader:Win32/Boonana.A connects to the following remote hosts in order to download arbitrary files:

Additional Information :

TrojanDownloader:Win32/Boonana.A modifies other registry data.

In subkey: HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Sets value: "Run"
With data: "0"

    Analysis by Jaime Wong

    Last update 04 November 2010

     
