Trojan:Win32/Nebuler.K


First posted on 22 June 2010.
Source: SecurityHome

Aliases :

Trojan:Win32/Nebuler.K is also known as W32/Nebuler.B.gen!Eldorado (Authentium (Comm, Gen:Variant.Nebuler.2 (BitDefender), Trojan.Win32.Nebuler (Ikarus), Nebuler.dll (McAfee), Troj/Nebule-Gen (Sophos).

Explanation :

Trojan:Win32/Nebuler.K is a trojan that downloads other malware to the infected computer.
Installation

Trojan:Win32/Nebuler.K arrives in the computer as an obfuscated DLL. It may arrive with the file name "twain.dll".

Upon execution, Trojan:Win32/Nebuler.K creates the mutex "m3d5rt10".

Trojan:Win32/Nebuler.K creates the following registry key:

HKLM\SOFTWARE\Microsoft\MSSMGR

Within this key it creates the following registry subkeys:

  • LSTV
  • BSTV
  • MSLIST
  • Brnd
  • SSTV
  • SCLIST
  • SSLIST

Payload

Downloads arbitrary files

Trojan:Win32/Nebuler.K attempts to download two files into the Temporary Files folder from the following Web sites:

  • savesoft.net
  • oberaufseher.net

The downloaded files contain links to other files downloaded from the following addresses:

  • 111.221.47.132
  • iwantsearch.net

The downloaded files may be detected as malware, such as:

  • PWS:Win32/Kurit!rts
  • PWS:Win32/Ldpinch.gen

Some of the downloaded files attempt to access Web sites that are currently blocked by Internet Explorer's "Smartscreen Filter", such as:

  • atechnologyscanner.com

Analysis by Daniel Radu

    Last update 22 June 2010
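
A triage sketch for the indicators listed above, added here as an example and not part of the original analysis: it checks `reg query ... /s` output for the MSSMGR subkeys and proxy log lines for the listed hosts. The function names, the proxy log layout and the sample data are assumptions constructed for illustration.

```python
import re

# Indicators copied from the write-up above.
SUBKEYS = {"LSTV", "BSTV", "MSLIST", "Brnd", "SSTV", "SCLIST", "SSLIST"}
HOSTS = {"savesoft.net", "oberaufseher.net", "iwantsearch.net",
         "atechnologyscanner.com", "111.221.47.132"}

# WOW6432Node is an addition, not from the write-up: on 64-bit Windows a
# 32-bit process writing under HKLM\SOFTWARE is redirected there.
KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:WOW6432Node\\)?"
                    r"Microsoft\\MSSMGR\\([^\\]+)$", re.IGNORECASE)
URL_HOST_RE = re.compile(r"https?://([^/:\s]+)", re.IGNORECASE)

def registry_hits(reg_query_text):
    """Listed subkeys present in `reg query ... /s` output."""
    by_lower = {name.lower(): name for name in SUBKEYS}
    found = set()
    for line in reg_query_text.splitlines():
        m = KEY_RE.match(line.strip())
        if m and m.group(1).lower() in by_lower:
            found.add(by_lower[m.group(1).lower()])
    return found

def network_hits(proxy_lines):
    """(line number, indicator) for each request to a listed host."""
    hits = []
    for number, line in enumerate(proxy_lines, 1):
        m = URL_HOST_RE.search(line)
        host = m.group(1).lower().rstrip(".") if m else ""
        # Exact host or a subdomain only, so "notsavesoft.net" does not match.
        hits += [(number, h) for h in sorted(HOSTS)
                 if host == h or host.endswith("." + h)]
    return hits

# Constructed sample telemetry, for illustration only.
SAMPLE_REG = "\n".join([
    r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSSMGR\LSTV",
    r"    (Default)    REG_SZ",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\MSSMGR\Brnd",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Other\SSTV",
])
SAMPLE_PROXY = [
    "2010-06-22 10:01:02 10.0.0.5 GET http://savesoft.net/ 200",
    "2010-06-22 10:01:09 10.0.0.5 GET http://notsavesoft.net/ 200",
    "2010-06-22 10:02:30 10.0.0.5 GET http://111.221.47.132/ 200",
]

if __name__ == "__main__":
    print(sorted(registry_hits(SAMPLE_REG)), network_hits(SAMPLE_PROXY))
```

A hit on the registry subkeys together with a request to one of the listed hosts from the same machine is a stronger signal than either alone, since the host names may have been reassigned since 2010.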