Home / malwarePDF  

Trojan:Win32/Boaxxe.F


First posted on 24 April 2009.
Source: SecurityHome

Aliases :

There are no other names known for Trojan:Win32/Boaxxe.F.

Explanation :

Trojan:Win32/Boaxxe.F is a trojan that installs itself as a Browser Helper Object and may contact remote sites in order to download and execute arbitrary files.

Symptoms
There are no obvious symptoms that indicate the presence of this malware on an affected machine.

Trojan:Win32/Boaxxe.F is a trojan that installs itself as a Browser Helper Object (BHO) and may contact remote sites in order to download and execute arbitrary files.Installation Trojan:Win32/Boaxxe.F comes with an executable file that installs the trojan BHO into the Windows system folder with a randomly generated filename consisting of strings of letters. For example:<system folder>ysgllsb.dll
<system folder>zxbimog.dll Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:WinntSystem32; and for XP and Vista is C:WindowsSystem32. The trojan registers the dropped BHO to run when the default Web browser is run, by creating keys in the registry, as in this example:
Adds value: (default)
With data: "<system folder><dropped BHO dll>"
To subkey: HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{random CLSID value}InprocServer32 Adds value: (default)
With data: {random CLSID value}To subkey: HKEY_LOCAL_MACHINESOFTWAREClasses<random letters>Payload Downloads and Executes Arbitrary Files
The trojan contacts remote sites and downloads and executes arbitrary files, possibly including additional malware.

Analysis by Elda Dimakiling

Last update 24 April 2009

 

TOP