TROJ_MDRP.TYUBZ
VBA/TrojanDownloader.Agent.T trojan (Nod32)
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
29,696 bytes
DOC
03 Jul 2014
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan drops and executes the following files:
- %User Profile%\FFFd.COM
(Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.)
Download Routine
This Trojan saves the files it downloads using the following names:
- %User Profile%\Local Settings\Temporary Internet Files\Content.IE5\SJE1UV0X\rollover5[1].jpg
(Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.)
Other Details
This Trojan attempts to access the following websites to download files, which are possibly malicious:
- http://www.{BLOCKED}maes.be/fotos/rollover5.jpg