Home / malware TrojanDownloader:Win32/Npbro.A
First posted on 19 June 2012.
Source: MicrosoftAliases :
TrojanDownloader:Win32/Npbro.A is also known as Trojan-Downloader.Win32.Npbro (Ikarus), PUA.Script.Packed-1 (Clam AV).
Explanation :
TrojanDownloader:Win32/Npbro.A is a trojan that runs as a web browser plugin for browsers that support the Netscape Plugin Application Programming Interface (NPAPI) architecture. This includes browsers such as Mozilla Firefox, Google Chrome, and Opera. Internet Explorer 6 and above does not support the NPAPI architecture.
Installation
In one example, TrojanDownloader:Win32/Npbro.A was distributed as a Google Chrome extensions installer file (.CRX file extension). This trojan may be present on your computer as "plugin.dll" and visible as a browser add-on by the name "ScreenCapturePlugin plugin".
This trojan will run when you launch a web browser.
Payload
Downloads arbitrary files
TrojanDownloader:Win32/Npbro.A downloads and runs a file from various servers as "%Temp%\file.exe".
Analysis by Jim Wang
Last update 19 June 2012
