Home / malwarePDF  

TrojanDownloader:VBS/Donvibs


First posted on 15 June 2016.
Source: Microsoft

Aliases :

There are no other names known for TrojanDownloader:VBS/Donvibs.

Explanation :

Installation

This threat is a malware downloader that is often distributed as an attachment to spam mails. It can download and run other malware families into your PC without consent.

Upon execution, this threat downloads files to your PC, which can have the name:

  • %appdata%\{random} (example: "2828")
  • %appdata% \{random}.tmp (example: "282831.tmp")


Payload

Downloads malware or unwanted software

This threat can download other malware and unwanted software onto your PC. We have seen it download the following threats:
  • Ransom:Win32/Cerber


An example of a URL it downloads from is:
  • http://94.102.63.7/subid3.jpg?DKC=25




Analysis by Alden Pornasdoro

Last update 15 June 2016

 

TOP