Analysis by: Vincent Martin Hermosura

ALIASES:

TrojanDownloader:O97M/Lerkdoto.A (Microsoft), Trojan.Mdropper (Symmantec), Exploit-FCB!716A94594112 (Mcafee), Troj/DocDl-N (Sophos), W97M.Downloader.W (Bitdefender), Trojan-Downloader.VBA.Agent (Ikarus), VBA/TrojanDownloader.Agent.AE trojan (Esset)

 PLATFORM:

Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.

  TECHNICAL DETAILS

File Size: 34816 bytes
File Type: DOC
Initial Samples Received Date: 12 Aug 2014

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Download Routine

This Trojan accesses the following websites to download files:

  • http://{BLOCKED}ansteve.com/torrent.exe

It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.