Home / malwarePDF  

Trojan-Downloader:W32/KDV-176347


First posted on 08 April 2011.
Source: SecurityHome

Aliases :

There are no other names known for Trojan-Downloader:W32/KDV-176347.

Explanation :

This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.

Additional Details

This trojan is disguised as a DOC file. Upon executing the trojan, it will download a document from a remote site (hxxp://www.epof.ru/[...]/document.doc) and display it, furthering the deception that the trojan is legitimate. Below is a screenshot of the document displayed:



In the meantime, the trojan will attempt to download malicious files from the following URLs:

  • hxxp://www.epof.ru/[...]/load.php?file=0
  • hxxp://www.epof.ru/[...]/load.php?file=1
  • hxxp://www.epof.ru/[...]/load.php?file=2
  • hxxp://www.epof.ru/[...]/load.php?file=3
  • hxxp://www.epof.ru/[...]/load.php?file=4
  • hxxp://www.epof.ru/[...]/load.php?file=5
  • hxxp://www.epof.ru/[...]/load.php?file=6
  • hxxp://www.epof.ru/[...]/load.php?file=7
  • hxxp://www.epof.ru/[...]/load.php?file=8
  • hxxp://www.epof.ru/[...]/load.php?file=9
  • hxxp://www.epof.ru/[...]/load.php?file=uploader
  • hxxp://www.epof.ru/[...]/load.php?file=grabbers


At the time of writing, the domain contacted by the malware is blocked by the Browsing Protection feature of our product.

Last update 08 April 2011

 

TOP

Malware :