
Trojan.Tibs.E


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.Tibs.E is also known as TR/Tibs.E, Troj/DwnLdr-CBY, Trj/Gagar.I, TROJ_GALAPOPER.A, Downloader-ZQ.

Explanation :

This is a downloader trojan. Upon startup it checks whether it is already running by using a mutex named "gagagaradio". If it is already running, it exits. Otherwise it downloads an encrypted file from http://81.177.[[removed]]/cntrl.php?[[removed]]. This encrypted file contains the links to other files, which will be downloaded and executed. Currently this trojan downloads two files identified as Trojan.Agent.ON and Trojan.Proxy.Lager.BI; however, this can change if the configuration on the remote server is changed. The trojan attempts to contact the computer with IP address 208.36.123.14 on port 25.

Last update 21 November 2011

 
