
Trojan.Downloader.3069.A


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.Downloader.3069.A is also known as TR/Dldr.Agent.3069 Troj/Agent-EL Trojan.Downloader.3069 T.

Explanation :

Trojan.Downloader.3069.A is an adware-related DLL. To install on the victim computer, it must be called from another application (such as adware). When called for the first time, it registers itself as a COM object by creating the following registry entries:
HKCR\retro64_loader.R64Loader.1
HKCR\retro64_loader.R64Loader
HKCR\CLSID\{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}
HKCR\TypeLib\{C7F00A9A-F1BC-436E-82C7-E8CAE6FD67F7}
HKCR\Interface\{450B9E4D-4014-4DE3-B34E-014A81468293}

Now, any application knowing the CLSID, TypeLib and Interface defined above can access the trojan.
Trojan.Downloader.3069.A can download (on behalf of the application calling it) files from specific URLs via HTTP on port 80. After the file is downloaded, it's executed on the client's machine.

As such, an application (usually adware) can download and execute other malware on the client machine by using this trojan.
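
A host can be checked for this COM registration with the PowerShell below. It is an added example, not part of the BitDefender write-up: it looks for the three GUIDs listed above and assumes the standard COM layout (ProgID and InprocServer32 subkeys under the CLSID key), which the write-up does not state.

```powershell
# Added example: look for the COM registration described in the write-up.
# The GUIDs come from the write-up. The ProgID / InprocServer32 subkeys are the
# standard COM layout and are an assumption about this sample.
$indicators = [ordered]@{
    'CLSID'     = '{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}'
    'TypeLib'   = '{C7F00A9A-F1BC-436E-82C7-E8CAE6FD67F7}'
    'Interface' = '{450B9E4D-4014-4DE3-B34E-014A81468293}'
}

# HKCR is a merged view of the machine and per-user Classes keys, so check
# both, plus the 32-bit view that a 32-bit DLL uses on 64-bit Windows.
$roots = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node',
    'Registry::HKEY_CURRENT_USER\Software\Classes'
)

$findings = foreach ($root in $roots) {
    foreach ($kind in $indicators.Keys) {
        $key = "$root\$kind\$($indicators[$kind])"
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $hit = [pscustomobject]@{ Key = $key; ProgID = $null; Dll = $null; Sha256 = $null }

        if ($kind -eq 'CLSID') {
            # The default value of each subkey holds the ProgID / DLL path.
            $progKey = Get-Item -LiteralPath "$key\ProgID" -ErrorAction SilentlyContinue
            $srvKey  = Get-Item -LiteralPath "$key\InprocServer32" -ErrorAction SilentlyContinue
            if ($progKey) { $hit.ProgID = $progKey.GetValue('') }
            if ($srvKey)  { $hit.Dll    = $srvKey.GetValue('') }

            # Hash the registered DLL, if it is still on disk, for triage.
            if ($hit.Dll -and (Test-Path -LiteralPath $hit.Dll -PathType Leaf)) {
                $hit.Sha256 = (Get-FileHash -LiteralPath $hit.Dll -Algorithm SHA256).Hash
            }
        }
        $hit
    }
}

if ($findings) { $findings | Format-List } else { 'No matching COM registration found.' }
```

A hit on the CLSID key with a resolvable DLL path identifies the file to quarantine; TypeLib or Interface keys left behind without the CLSID key point to an incomplete cleanup.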

Last update 21 November 2011

 
