TrojanDownloader:Win32/Bredolab.AC
First posted on 29 June 2010.
Source: SecurityHome
Aliases :
TrojanDownloader:Win32/Bredolab.AC is also known as Packed.Win32.Krap.ar (Kaspersky), Trojan.DL.Bredolab.CPZ (VirusBuster), Trojan horse Downloader.Generic9.CECZ (AVG), TR/Spy.ZBot.BH (Avira), Win32/TrojanDownloader.Bredolab.BE (ESET), Packed.Win32.Krap (Ikarus), Generic Downloader.x!dzk (McAfee), Troj/Agent-NRU (Sophos), Win32.Malware!Drop (Sunbelt Software).
Explanation :
TrojanDownloader:Win32/Bredolab.AC is a trojan that downloads and executes arbitrary files from a remote host.
Installation

When executed, the malware makes a copy of itself in the following location:

<startup folder>\monskc32.exe

Note: <startup folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the Startup folder for Windows 9x, Me, NT, 2000, XP and 2003 is '%USERPROFILE%\Start Menu\Programs\Startup'. For Windows Vista and 7, the default location is '%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'.

The malware may also inject code into the following system processes:

Explore.exe
svchost.exe

Payload

Downloads and executes arbitrary files

The malware connects to a remote host, for example:

sicha-linna8.com

It does this to download and execute files. At the time of writing the malware downloaded variants of the following families:

Trojan:Win32/Alureon
PWS:Win32/Daurso
PWS:Win32/Zbot
Analysis by Ray Roberts
Last update 29 June 2010
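
A sweep for the Startup-folder copy described under Installation, as an added example that is not part of the original analysis: it checks every user profile under a given root for monskc32.exe in both default Startup locations named above. The function names, the profile-root argument and the sample tree are assumptions made for illustration; Startup folders redirected away from the defaults are not covered.

```python
import tempfile
from pathlib import Path

# Values taken from the write-up above.
DROPPED_NAME = "monskc32.exe"
STARTUP_SUBPATHS = [
    # Default for Windows 9x, Me, NT, 2000, XP and 2003
    ("Start Menu", "Programs", "Startup"),
    # Default for Windows Vista and 7
    ("AppData", "Roaming", "Microsoft", "Windows", "Start Menu", "Programs", "Startup"),
]

def find_startup_copies(profiles_root):
    """Return sorted paths of files named DROPPED_NAME in any profile's Startup folder."""
    hits = []
    root = Path(profiles_root)
    if not root.is_dir():
        return hits
    for profile in root.iterdir():
        if not profile.is_dir():
            continue
        for parts in STARTUP_SUBPATHS:
            startup = profile.joinpath(*parts)
            if not startup.is_dir():
                continue
            for entry in startup.iterdir():
                # Compare case-insensitively: Windows file names are not case-sensitive.
                if entry.is_file() and entry.name.lower() == DROPPED_NAME:
                    hits.append(entry)
    return sorted(hits)

def build_sample_tree(base):
    """Constructed sample data: three fake profiles, two of them carrying the file."""
    base = Path(base)
    xp = base.joinpath("alice", *STARTUP_SUBPATHS[0])
    win7 = base.joinpath("bob", *STARTUP_SUBPATHS[1])
    clean = base.joinpath("carol", *STARTUP_SUBPATHS[1])
    for d in (xp, win7, clean):
        d.mkdir(parents=True)
    (xp / "MONSKC32.EXE").write_bytes(b"")   # empty placeholder, upper-case on purpose
    (win7 / "monskc32.exe").write_bytes(b"")
    (clean / "desktop.ini").write_bytes(b"")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_startup_copies(build_sample_tree(tmp)):
            print("suspicious Startup entry:", hit.relative_to(tmp))
```

On a real host the root would be the profiles directory (for example C:\Users or C:\Documents and Settings), read with rights to every profile. A file-name match is a triage lead only, since the name can differ between samples.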