
TrojanDownloader:Win32/Npbro.A


First posted on 19 June 2012.
Source: Microsoft

Aliases:

TrojanDownloader:Win32/Npbro.A is also known as Trojan-Downloader.Win32.Npbro (Ikarus), PUA.Script.Packed-1 (Clam AV).

Explanation:



TrojanDownloader:Win32/Npbro.A is a trojan that runs as a web browser plugin for browsers that support the Netscape Plugin Application Programming Interface (NPAPI) architecture. This includes browsers such as Mozilla Firefox, Google Chrome, and Opera. Internet Explorer 6 and above does not support the NPAPI architecture.



Installation

In one example, TrojanDownloader:Win32/Npbro.A was distributed as a Google Chrome extension installer file (.CRX file extension). The trojan may be present on your computer as "plugin.dll" and be visible as a browser add-on named "ScreenCapturePlugin plugin".

This trojan will run when you launch a web browser.
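
A defender-side check for the distribution method described above, as an added example that is not part of the original write-up: it unpacks a .CRX container and reports any NPAPI plugin declared under the manifest's "plugins" key, plus any native binaries in the package. The sample packages, their names and the dummy key and signature bytes are constructed for the demo, and the signature is not verified.

```python
import io
import json
import struct
import zipfile

NATIVE_EXT = (".dll", ".exe", ".so", ".dylib")

def crx_zip_offset(data):
    """Return the offset of the ZIP archive inside a CRX container."""
    if data[:4] != b"Cr24":
        raise ValueError("missing Cr24 magic, not a CRX file")
    (version,) = struct.unpack_from("<I", data, 4)
    if version == 2:  # magic, version, public key length, signature length
        key_len, sig_len = struct.unpack_from("<II", data, 8)
        return 16 + key_len + sig_len
    if version == 3:  # magic, version, header length
        (header_len,) = struct.unpack_from("<I", data, 8)
        return 12 + header_len
    raise ValueError("unsupported CRX version %d" % version)

def audit_crx(data):
    """Report NPAPI plugins declared in the manifest and native binaries in the package."""
    with zipfile.ZipFile(io.BytesIO(data[crx_zip_offset(data):])) as zf:
        manifest = json.loads(zf.read("manifest.json").decode("utf-8-sig"))
        native = sorted(n for n in zf.namelist() if n.lower().endswith(NATIVE_EXT))
    # Manifest "plugins" entries are NPAPI libraries the browser loads with the extension.
    declared = [p.get("path", "") for p in manifest.get("plugins", [])]
    return {"name": manifest.get("name"), "npapi_plugins": declared,
            "native_files": native, "flagged": bool(declared or native)}

def build_sample_crx(manifest, files):
    """Build a constructed CRX2 container (dummy key and signature) for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.json", json.dumps(manifest))
        for name, content in files.items():
            zf.writestr(name, content)
    key, sig = b"K" * 32, b"S" * 64  # placeholders, not a valid signature
    return b"Cr24" + struct.pack("<III", 2, len(key), len(sig)) + key + sig + buf.getvalue()

# Constructed samples: one package that bundles an NPAPI DLL, one script-only package.
WITH_PLUGIN = build_sample_crx(
    {"name": "Sample capture tool", "version": "1.0", "manifest_version": 2,
     "plugins": [{"path": "plugin.dll", "public": True}]},
    {"plugin.dll": b"MZ constructed placeholder"})
SCRIPT_ONLY = build_sample_crx({"name": "Sample script-only", "version": "1.0", "manifest_version": 2},
                               {"background.js": "// constructed"})

print(audit_crx(WITH_PLUGIN), audit_crx(SCRIPT_ONLY), sep="\n")
```

A flagged result only means the package ships native code; the file still has to be examined before it is judged malicious.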



Payload

Downloads arbitrary files

TrojanDownloader:Win32/Npbro.A downloads a file from various servers, saves it as "%Temp%\file.exe", and runs it.



Analysis by Jim Wang

Last update 19 June 2012

 
