
TrojanDownloader:W97M/Agent.B


First posted on 18 November 2014.
Source: Microsoft

Aliases:

There are no other names known for TrojanDownloader:W97M/Agent.B.

Explanation:

Threat behavior

Installation

This threat usually arrives on your PC as a Microsoft Office file attached to a spam email. We have seen this threat using a Microsoft Word (.doc) file.

Payload

Downloads and runs files

When the malicious document is opened and macros are enabled, this threat downloads an executable file from a hardcoded URL to a local folder. It then runs the executable and deletes the file from your PC.

We have seen it connect to domains that are registered in Taipei, Beijing, Seoul and the Isle of Man.

The downloaded files can be saved and run from the following locations:

  • ccapp.exe
  • temp.exe
  • xp.exe
  • 2k.exe
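
The write, run and delete sequence described above can be hunted for in endpoint telemetry. The following is an added example, not Microsoft's code: it assumes a simplified, constructed event format (`type`, `actor`, `target`) and made-up folders, and reports files with the listed names that Word wrote, along with how far the chain progressed.

```python
import ntpath

# File names listed on this page for the downloaded executable.
DROPPED_NAMES = {"ccapp.exe", "temp.exe", "xp.exe", "2k.exe"}
WORD = "winword.exe"

def base(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def find_dropper_chains(events):
    """Return {path: [stages]} for listed file names written by Word.

    Stages mirror the described behaviour: 'written' by Word, then
    'executed', then 'deleted'. Events must be in time order.
    """
    chains = {}
    for ev in events:
        path, kind = ev["target"].lower(), ev["type"]
        if kind == "file_create":
            if base(ev["actor"]) == WORD and base(path) in DROPPED_NAMES:
                chains[path] = ["written"]
        elif path in chains:
            last = chains[path][-1]
            if kind == "process_create" and last == "written":
                chains[path].append("executed")
            elif kind == "file_delete" and last == "executed":
                chains[path].append("deleted")
    return chains

# Constructed sample telemetry (not from the page); user and folders are made up.
TMP = r"C:\Users\alice\AppData\Local\Temp"
WINWORD = r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"
SAMPLE_EVENTS = [
    {"type": "file_create", "actor": WINWORD, "target": TMP + r"\ccapp.exe"},
    {"type": "process_create", "actor": WINWORD, "target": TMP + r"\ccapp.exe"},
    {"type": "file_delete", "actor": WINWORD, "target": TMP + r"\ccapp.exe"},
    # Same file name, but not written by Word: ignored.
    {"type": "file_create", "actor": r"C:\Windows\System32\msiexec.exe",
     "target": TMP + r"\temp.exe"},
    # Word saving an ordinary document: ignored.
    {"type": "file_create", "actor": WINWORD,
     "target": r"C:\Users\alice\Documents\report.docx"},
    # Written by Word but never run: reported with a partial chain.
    {"type": "file_create", "actor": WINWORD, "target": TMP + r"\XP.EXE"},
]

if __name__ == "__main__":
    for path, stages in find_dropper_chains(SAMPLE_EVENTS).items():
        print(path, "->", " > ".join(stages))
```

A full three-stage chain is the strongest signal; a file that Word wrote but that never ran may be a blocked or interrupted attempt and is still worth reviewing.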




Analysis by Jakub Kaminski

Symptoms

The following can indicate that you have this threat on your PC:

  • You have these files:

    ccapp.exe
    temp.exe
    xp.exe
    2k.exe

Last update 18 November 2014

 
