
TrojanDownloader:Win32/VB.gen!C


First posted on 17 March 2012.
Source: Microsoft

Aliases:

TrojanDownloader:Win32/VB.gen!C is also known as Generic.grp!dp (McAfee).

Explanation:

TrojanDownloader:Win32/VB.gen!C is a generic detection for trojans written in Visual Basic that download arbitrary files onto the affected computer.





Installation

Upon execution, it may drop the following files, which are also detected as TrojanDownloader:Win32/VB.gen!C:

  • <system folder>\ads.exe
  • <system folder>\ads<number>.exe


Note: <system folder> refers to a variable location that the malware determines by querying the operating system. The default location of the Windows system folder is C:\Winnt\System32 for Windows 2000 and NT, and C:\Windows\System32 for XP, Vista, and 7.



Payload

Downloads arbitrary files

The dropped files detected as TrojanDownloader:Win32/VB.gen!C attempt to download arbitrary files from the following servers:

  • adf.ly
  • haxlib.net
  • keycf.net
  • mastermodz.us


At the time of this writing, the files requested by the malware are no longer accessible.
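The indicators above can be combined into a simple hunt over endpoint telemetry. The following is an added example, not Microsoft's detection logic: it flags file-creation events for ads.exe or ads<number>.exe in a system folder and DNS lookups for the listed servers, then ranks each machine. The event layout (machine, type, value), reading <number> as decimal digits, and the inclusion of SysWOW64 are assumptions.

```python
import re
from collections import defaultdict

# Indicators taken from the write-up above.
DOWNLOAD_HOSTS = {"adf.ly", "haxlib.net", "keycf.net", "mastermodz.us"}
# ads.exe or ads<number>.exe directly inside a Windows system folder.
# Assumptions: <number> is decimal digits; SysWOW64 is included because 32-bit
# processes on 64-bit Windows are redirected there (not stated on the page).
DROP_RE = re.compile(r"^[a-z]:\\[^\\]+\\(system32|syswow64)\\ads\d*\.exe$", re.I)

def is_dropped_file(path):
    return bool(DROP_RE.match(path.strip()))

def listed_host(name):
    """Return the listed domain that `name` equals or is a subdomain of, else None."""
    name = name.strip().rstrip(".").lower()
    for dom in DOWNLOAD_HOSTS:
        if name == dom or name.endswith("." + dom):
            return dom
    return None

def triage(events):
    """Group hits per machine; a drop plus a lookup outranks either one alone."""
    files, hosts = defaultdict(set), defaultdict(set)
    for ev in events:
        if ev["type"] == "file_create" and is_dropped_file(ev["value"]):
            files[ev["machine"]].add(ev["value"])
        elif ev["type"] == "dns_query" and listed_host(ev["value"]):
            hosts[ev["machine"]].add(listed_host(ev["value"]))
    result = {}
    for m in set(files) | set(hosts):
        # A listed domain alone is weak evidence: adf.ly is a general link-shortening service.
        level = "high" if files[m] and hosts[m] else "medium" if files[m] else "low"
        result[m] = (level, sorted(files[m]), sorted(hosts[m]))
    return result

# Constructed sample events (not real telemetry).
SAMPLE = [
    {"machine": "PC-01", "type": "file_create", "value": r"C:\Windows\System32\ads.exe"},
    {"machine": "PC-01", "type": "dns_query", "value": "www.haxlib.net"},
    {"machine": "PC-02", "type": "file_create", "value": r"C:\WINNT\system32\ads17.exe"},
    {"machine": "PC-03", "type": "dns_query", "value": "adf.ly."},
    {"machine": "PC-04", "type": "file_create", "value": r"C:\Windows\System32\adsldp.dll"},
    {"machine": "PC-04", "type": "dns_query", "value": "notkeycf.net"},
]

if __name__ == "__main__":
    for machine, verdict in sorted(triage(SAMPLE).items()):
        print(machine, verdict)
```

Because this is a generic detection, a file-name match should be confirmed with an antimalware scan of the file before any remediation.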



Analysis by Edgardo Diaz

Last update 17 March 2012

 
