Home / malware

PDF

TrojanDownloader:Win32/Beebone.IX

First posted on 10 July 2013.
Source: Microsoft

Aliases :

TrojanDownloader:Win32/Beebone.IX is also known as Beebone-FMQ!039FA2520D97 (McAfee), Trojan-Dropper.Win32.Dorifel.adtx (Kaspersky), W32.Changeup!gen40 (Symantec).

Explanation :

TrojanDownloader:Win32/Beebone.IX is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer. Installation TrojanDownloader:Win32/Beebone.IX creates the following files on an affected computer:

• %windir%\assembly\nativeimages_v4.0.30319_32\temp\a50-0\system.data.datasetextensions.dll
• %windir%\temp\scs10.tmp
• %windir%\temp\scs11.tmp
• %windir%\temp\scse.tmp
• %windir%\temp\scsf.tmp
• c:\documents and settings\administrator\0a5y.exe
• c:\documents and settings\administrator\1a5y.exe

Payload Contacts remote host TrojanDownloader:Win32/Beebone.IX may contact a remote host at 51321.z0dns.com using port 2323. Commonly, malware may contact a remote host for the following purposes:

• To report a new infection to its author
• To receive configuration or other data
• To download and execute arbitrary files (including updates or additional malware)
• To receive instruction from a remote attacker
• To upload data taken from the affected computer

This malware description was produced and published using our automated analysis system's examination of file SHA1 631dc845720805b58af945ba18842c001bf5d057.

Last update 10 July 2013

 

TOP