
Trojan.Bredolab.BR


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Trojan.Bredolab.BR is also known as W32/Bredolab.T.gen!Eldorado, Generic, Dropper.lr, Packed.Win32.Krap.x.

Explanation:

Trojan.Bredolab.BR is another (and somewhat unusual) variant of the widespread Bredolab malware family.

Unlike some older variants, this one has a rather simple behavior: all it does is download other malware components. Despite this limited functionality, it is very well protected against analysis and anti-malware programs. It uses a custom packer with highly obfuscated code that hides its small malicious payload, making detection a hard job for standard antivirus scanners.

The file carries an apparently harmless document-like icon, fooling an unsuspecting user into thinking it can do no harm. Upon execution it unpacks its code and tries to connect to various remote addresses over HTTP in order to download and execute other trojans, usually fake antivirus or antispyware scanners (such as PC Antispyware 2010).

As already mentioned, this particular variant does virtually nothing beyond downloading other malicious files. For example, it neither registers itself to start automatically at system start-up nor injects code into other processes, as some other variants do.

Last update 21 November 2011
