
Trojan.Downloader.Bredolab.CW


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Trojan.Downloader.Bredolab.CW is also known as Trojan.Bredolab, TrojanDownloader:Win32/Waledac.C, Trojan:W32/Agent.NFY.

Explanation:

Trojan.Downloader.Bredolab.CW is a standard downloader of rogue malware. It is distributed in a packed form, protected by custom packers with anti-emulator and anti-debugging tricks to avoid detection by antivirus scanners. The structure and code of these packers are constantly changing to evade signatures.

Once executed, it tries to download two files, each from one of two addresses:
* http://195.xxx.xxx.36/pr/pic/fixer_sdgareh_h.exe
* http://83.xxx.xxx.160/pr/pic/fixer_sdgareh_h.exe
* http://195.xxx.xxx.36/pr/pic/sys.exe
* http://83.xxx.xxx.160/pr/pic/sys.exe

Each file is downloaded to the %system32%Temp folder under a random name and executed from there:
* _ex-[Random Number].exe
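As an added detection example (not BitDefender's code), the following script keys on the two indicators the report gives that survive the redacted hosts: the fixed URL paths of the payloads and the `_ex-[Random Number].exe` naming of the dropped file. The proxy log format and the addresses in it are constructed for the example.

```python
import re
from urllib.parse import urlparse

# URL paths the report lists for the downloader's two payloads. The hosts
# are redacted in the report, so detection keys on the path, not the address.
BREDOLAB_CW_PATHS = {
    "/pr/pic/fixer_sdgareh_h.exe",
    "/pr/pic/sys.exe",
}

# Dropped-file naming pattern from the report: _ex-[Random Number].exe
DROPPED_NAME_RE = re.compile(r"^_ex-\d+\.exe$", re.IGNORECASE)

# Constructed proxy log lines (client, method, URL, status); not real traffic.
SAMPLE_PROXY_LOG = """\
10.0.0.5 GET http://192.0.2.10/pr/pic/fixer_sdgareh_h.exe 200
10.0.0.5 GET http://192.0.2.10/pr/pic/sys.exe 200
10.0.0.7 GET http://example.com/index.html 200
10.0.0.9 GET http://192.0.2.20/pr/pic/sys.exe?cache=1 404
"""


def is_payload_url(url: str) -> bool:
    """True when the request path matches one of the known payload paths."""
    return urlparse(url).path.lower() in BREDOLAB_CW_PATHS


def find_payload_requests(log_text: str) -> list[tuple[str, str]]:
    """Return (client, url) pairs for requests that fetch a known payload path."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines instead of raising
        client, _method, url, _status = parts[:4]
        if is_payload_url(url):
            hits.append((client, url))
    return hits


def is_dropped_name(filename: str) -> bool:
    """True when a filename follows the _ex-<number>.exe drop pattern."""
    return DROPPED_NAME_RE.match(filename) is not None


if __name__ == "__main__":
    for client, url in find_payload_requests(SAMPLE_PROXY_LOG):
        print(f"{client} fetched {url}")
```

A 404 is still reported, since the request itself shows an infected client reaching out; pair the filename check with a scan of the Temp folder on hosts the log flags.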

Last update 21 November 2011
