
TrojanDownloader:Win32/VB.NV


First posted on 19 October 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:Win32/VB.NV is also known as Win-Downloader/GameEight.45056 (AhnLab), Win32/SillyDl.WRF (CA), Trojan.Download.64228 (Dr.Web), Win32/TrojanDownloader.VB.OTZ (ESET), Trojan-Downloader.Haha (Ikarus), Trojan-Downloader.Win32.VB.aamu (Kaspersky), Trojan.DL.VB.KQUD (VirusBuster).

Explanation :

TrojanDownloader:Win32/VB.NV is a detection for a trojan downloader that attempts to download a configuration file containing a list of additional files to download.

This trojan may be distributed with other malware, such as TrojanDropper:Win32/Gemax.A, and may be present as a file named "c:\download.exe" or "c:\maxthon2.0.exe", amongst other file names.

Installation

The trojan drops a batch script component into the %TEMP% folder as "todeleteif.bat" to remove its own executable after its process terminates.

Payload

Downloads arbitrary files

When run, TrojanDownloader:Win32/VB.NV launches an Internet Explorer web browser to retrieve a file "ConfigDownLoadList.html" from the following domain:

  • qichiee.com

At the time of writing, the requested configuration data file stored at the destination server was not available.
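A triage sketch for checking collected events against the indicators described above. It is an added example, not part of the original write-up or of any vendor tooling. The (kind, value) event tuples, the function names, and the choice to match subdomains and any URL path are assumptions.

```python
import ntpath
from urllib.parse import urlsplit

# Indicators taken from the description above.
C2_DOMAIN = "qichiee.com"
CONFIG_FILE = "configdownloadlist.html"
DROPPED_BAT = "todeleteif.bat"
# The description says "amongst other file names", so this set is not exhaustive.
KNOWN_PATHS = {r"c:\download.exe", r"c:\maxthon2.0.exe"}


def url_hit(url):
    """True if the URL requests the configuration file from the listed domain."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    # Assumption: subdomains of the listed domain are treated as matches too.
    on_domain = host == C2_DOMAIN or host.endswith("." + C2_DOMAIN)
    name = parts.path.rsplit("/", 1)[-1].lower()
    return on_domain and name == CONFIG_FILE


def file_hit(path):
    """True if a Windows file path matches one of the file indicators."""
    p = ntpath.normpath(path.strip('"')).lower()
    if p in KNOWN_PATHS:
        return True
    # The profile path differs per host, so match the script by file name
    # plus a parent folder named Temp (or the unexpanded %TEMP% variable).
    folders = p.split("\\")[:-1]
    return ntpath.basename(p) == DROPPED_BAT and any(f in ("temp", "%temp%") for f in folders)


def triage(events):
    """Return (event, reason) pairs for every event that matches an indicator."""
    hits = []
    for kind, value in events:
        if kind == "url" and url_hit(value):
            hits.append(((kind, value), "config download request"))
        elif kind == "file" and file_hit(value):
            hits.append(((kind, value), "file indicator"))
    return hits


# Constructed sample events (not taken from a real host).
SAMPLE = [
    ("url", "http://QICHIEE.com./ConfigDownLoadList.html"),
    ("url", "http://example.org/ConfigDownLoadList.html"),
    ("file", r"C:\Users\alice\AppData\Local\Temp\todeleteif.bat"),
    ("file", r"C:\DOWNLOAD.EXE"),
    ("file", r"D:\tools\download.exe"),
]
```

A match on the file names alone is weak evidence, since "download.exe" is a common name; the URL and the batch script in a Temp folder are the more specific signals.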

    Analysis by Patrick Nolan

    Last update 19 October 2010
