Home / malware TrojanDownloader:Win32/Beebone.HQ
First posted on 03 May 2013.
Source: MicrosoftAliases :
TrojanDownloader:Win32/Beebone.HQ is also known as W32/Autorun.worm.aaeh!gen (McAfee), WORM_VOBFUS.SMKE (Trend Micro), Trojan.Win32.Jorik.Vobfus.gual (Kaspersky), W32/SillyFDC-KC (Sophos), W32.Changeup (Symantec).
Explanation :
TrojanDownloader:Win32/Beebone.HQ is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer. Installation TrojanDownloader:Win32/Beebone.HQ creates the following files on an affected computer:
Payload Contacts remote host TrojanDownloader:Win32/Beebone.HQ may contact a remote host at domai.5dns.org using port 443. Commonly, malware may contact a remote host for the following purposes:
- %windir%\temp\scs7.tmp
- %windir%\temp\scs8.tmp
- %windir%\temp\scs9.tmp
- %windir%\temp\scsa.tmp
- c:\documents and settings\administrator\0tn7.exe
- c:\documents and settings\administrator\1tn7.exe
- To report a new infection to its author
- To receive configuration or other data
- To download and execute arbitrary files (including updates or additional malware)
- To receive instruction from a remote attacker
- To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 5775ed959349015616bbde8ed693b038e86a18c7.Last update 03 May 2013
