Home / malwarePDF  

TrojanDownloader:Win32/Adload


First posted on 15 February 2019.
Source: Microsoft

Aliases :

There are no other names known for TrojanDownloader:Win32/Adload.

Explanation :

TrojanDownloader:Win32/Adload is a trojan downloader family that is written in Visual Basic. The trojans for this family are typically through various botnets. The trojans normally have a Visual Basic project name of "Project1" with a project file path of "*Ae: empproject1.vbp". The trojan is normally placed in an archive, typically a rar archive, or an installer, typically Nullsoft Scriptable Install System (NSIS). The TrojanDownloader:Win32/Adload trojan downloads a file named "drsmartload.exe" from http://*.dollarrevenue.com/* and then executes it.
This downloaded file is stored temporarily as "drsmartload[1].exe" in the Temporary Internet Files folder of the current user, and is then copied to the root of the main drive, normally "C:", when it has completed downloading.
The downloaded "drsmartload.exe" file normally downloads various spyware/adware files. But, as this file is stored remotely, it can be changed at any time.

Last update 15 February 2019

 

TOP